There is a pretty good article by Frank Hayes over at Computerworld about security being a business problem. Others have been preaching this for a while. I have preached this time and time again over the last year or so on my blog and before that in my recommendations to my bosses, so I am not surprised it comes out again.
Frank was inspired to write his own version by the latest SANS top 20 that says security is a people problem. But Frank REALLY does not like the recommendation of testing your users and cutting off their Internet access if they fail. I don’t like that suggestion either. Seems very harsh. Of course, he is also right that it will do nothing to help and everything to hurt the relationship between users and security.
Then Frank said this:
“And that animosity won’t stop with the security group. The IT people who take the brunt of it will be those on the help desk and development teams and anyone else who deals directly with users.”
And? Isn’t that what the help desk is for??

Vet


