Page 164 - CISSO_Prep_ Guide
testing tools and monitoring devices. Many of these devices
were either built specifically for security or have security
functionality. The challenge seen in so many
organizations is that these controls are not being used
effectively.
Devices are misconfigured; security functionality is not enabled
or is enabled incorrectly; devices have overlapping control
capability, but neither device is operating correctly. Most systems
and network administrators are so busy dealing with immediate
business needs that they are oblivious to security issues or
threats. For several years now, the annual
Verizon Data Breach Report has shown that 96-97% of all security
breaches could have been avoided through the implementation
of simple, well-known and effective controls. So the
question is: "Why do we still see these security lapses, even by
large organizations that spend a lot of money on security, nearly
every week?"
The answer has to come down to people. The tools are there but
not used effectively. In many cases, it comes down to training.
Staff is expected to maintain or operate a system that they have
never been adequately trained on. When a new device is first
implemented, training may or may not have been provided,
but in the time since the implementation, the people originally
trained have moved on, and the new staff has been given
neither the training nor the time to learn how to use the device
effectively.
Hiring
It has been reported that as many as 80% of all resumes or
curricula vitae (CVs) contain errors or misstatements. These