My approach to IT security from an organization standpoint is holistic, in the sense that I do not believe that it is only through technology that we can control the security of the system and thus the data contained within the system. Human factor plays a very important role and that cannot be discounted. Yes, at the end of the day, an open port is just that - an open port, but through my experience, threats from within the organization are far greater and can be more lethal to the financial health and reputation of the organization.

IT Security controls and policies are viewed as a "pain area" by many employees and hence, educating your employees plays a very pivotal role in changing the mindset of such employees. The IT security professional today, be it CIO or Head - IT, not only plays the crucial role of aligning IT with business strategy, but also as a marketing professional, trying to promote the correct technologies and convincing the management and employees for certain decisions being taken, which are in the best interest of the organization. Change, as they say, is the only constant, to survive in the world today... in my view, management of this change is even more crucial, because if change is unmanaged, then there is a higher probability of failure.