One fundamental aspect of security and privacy is the realization that there isn’t a 100% foolproof solution for any enterprise. The reason for this is that the security and privacy program and risk management strategy are created by members of that enterprise or by contracted service providers, The employees and contractors who are in security and system administration positions can decide to disable, evade, or sabotage the security and privacy solutions. This type of insider threat is the Achilles Heel of all IT security and privacy programs, and is what underlies what are referred to as risk-adjusted solutions. This means that a security or privacy solution is selected based on several considerations, including the cost, the level of protection needed, the effect on end-users and system administrators, and the effectiveness of available technologies.
Category: Security and Privacy