3. Know the threats
Back in the day, thwarting security threats mostly meant timing out CICS sessions so hackers couldn’t dial in and inherit them. Then came PCs, distributed systems, the Internet, and lots more threats. We responded by locking down desktops and guarding the perimeter with increasingly sophisticated firewalls.
Many still think the best countermeasure is to lock everything down and not let anyone be creative. But businesses live and die on innovation, and innovation means more than new products to sell. It means creative thinking, and the implementation of that thinking, everywhere in the business.
These days we should spend more time hardening the assets than the perimeter, and even more time actively supporting users, because the biggest threat is a workforce that isn’t allowed to innovate.