I watched the movie Firewall, starring Harrisson Ford the other night, and one of the things it really highlighted for me was the fact that computer security is not just a technical issue.
Without spoiling the film completely, Ford plays the VP of Network Security in a bank and is forced by the baddies to steal from his own bank or else his family will be killed. Various things go wrong and with MacGyver style ingenuity he manages to…well, watch the movie yourself and see.
The point is, that no matter how tight your technology is, there will be a way of out-smarting it. So what do you do? You put processes in place to make sure the technology is not your only form of protection. You don’t allow any one person the authority to make critical changes or access critical data without supervision. You seperate the security process from the normal chain of command etc etc.
Actually I once worked in a bank where a security guard refused to allow the CEO on to the presmises out of hours because the correct procedures had not been followed. Big call for the man on the gate to make in the face of an irate executive. The following morning he was called in to the office and commended on having stuck to his guns, (metaphorically speaking).
Anyway, if you get the chance check out Firewall. If nothing else you’ll find out what to you can achieve with a fax machine, an iPod and a couple of pieces of chewing gum.