There are several security concerns for the enterprise many of which can be directly influenced by the users, owners, and administrators of data and systems. Training employees on how to properly use enterprise data and use secure computing behaviors is a significant and important role for IT security. The enterprise must take ownership of its data and operate from the perspective that the data is supreme and all access must be authorized. It is also important that IT security builds a program where users know how to reach out to security for help and guidance; security cannot be a shadow organization that everyone fears the very existence of. Security should be a business enabler, for example, by taking steps to provide secure access to Internet-based solutions when requested. This chapter covered the human element of security and focused on social engineering, security awareness training, and methods to secure the enterprise, starting with the associates. In order to change enterprise security, it must be communicated that it's everyone's job to make the enterprise secure, not just the security team.

The next chapter continues with security monitoring, which was presented briefly in this chapter, as a method to detect malicious behaviors of privileged users in the context of being a victim to social engineering.