In the rush to meet regulatory or customer mandates, organizations have spent millions of dollars implementing security and compliance measures either issue by issue or regulation by regulation. This has resulted in an asset-centric security approach, where we focus on the IT infrastructure and make sure that this is secure.
However, in the current versatile user community, a user is no longer bound to any single device. So, although assets still need to be kept secure, the need arises for a user-centric security approach, where security rules are aligned with the use of those assets.
This white paper presents an overview of both the asset-centric and the user-centric approaches to security. These approaches will be mapped towards the standard for Information Security: ISO 17799.
