We’ve examined security mechanisms throughout this book, but to be able to successfully protect an organization, security must start at the topmost level and filter down throughout the organization. Executive management must define at a high level what security policies should be put in place, the type of information to be protected, and the level of protection that is required. Employees, especially IT personnel, must be made aware of these organizational security policies and adhere to them or otherwise ...