Thank you for your question! It is unfortunate, but many times business is not
interested in investing in security awareness in their employees until there is
a data breach. Once that occurs, it seems that the attitude toward security
really changes. If no breach has occurred, then the challenge is to impress
the importance of each employee to do their part to protect the business, an
angle that may work with the business owners to protect their revenue.
I hope this helps.
"So this is how liberty dies - to thunderous applause" -- Padme (Star Wars - Episode III)
Joined: Dec 05, 2011
You are completely right and it gets even tougher once one starts working
on security compliance issues.
Code security is only one aspect in the myriad of possible standards, e.g.
access control, backup, logging, sanitization...
We are currently working on these things and it's a LOT of work...
Luckily enough the business was lured :-) into approving a business impact
analysis where the aspects of confidentiality, integrity and availability are
in a way quantified and 'measured'...