- November 2009 (2)
In the rush to meet regulatory mandates, organizations have spent millions of dollars implementing security and compliance measures either issue by issue or regulation by regulation. This has resulted in an asset-centric security approach, where organizations focus on IT infrastructure security. The increasing need for a more user-centric approach now calls for different tactics and practices. This white paper presents an overview of both the asset-centric and the user-centric approaches to security. These approaches will be mapped towards the standard for information security: ISO 17799.