According to the study conducted by Susanto, Almunawar, and Tuan (2011), since “there is no single formula that can guarantee 100% of information security,” standards must be set to establish a viable level of security within an organization (p. 23). These standards also help the organization ensure that resources are properly allocated and that best technical practices are utilized. In following the various guidelines used to create and manage security (CIS, ISO, NIST, SANS, etc.), an organization must implement various policies pertaining to security, protect the physical assets of the organization, be prepared for internal and external incidents, allow for new development and phases, and implement training and awareness for its personnel (Behm, 2003, p. 7). By following these standards, an organization is able to get a better understanding of all the facets of its information security department by having a verbatim outline of all the features. These guidelines also allow for constant development and growth so any changes within the organization can easily be applied to the security …
The employees of an organization have a vital role in the success of a security program for multiple reasons. Primarily, the employees will be the ones who utilize the company’s technology on a day-to-day basis. This not only gives them the highest risk of failure in abiding by security policies and protocols, but also makes them a major target for the attackers trying to infiltrate the organization’s systems. Sasse, Bronstoff, and Weirich (2001) found that “in many of the reported cases, user behaviour enabled or facilitated the security breach”, which has been linked to the growth of security problems over the years (p. 122). This data, along with various other instances of human error, has led many to the conclusion that a complex and cogent security system is no longer satisfactory. Many practiced security procedures, such as network firewalls and 2-step user identification, while successful in theory, fail because of the incompetence of the end