Security Cannot be an Afterthought

No matter what you might think about the environment in which your systems are running, you cannot take security for granted. Even standalone systems not connected to the Internet may be at risk (although obviously the risks will be different from a system that is more connected to the outside world).

Therefore, it is extremely important to consider the security implications of everything that you do. The following lists illustrates the different kinds of issues that you should consider:

While you are thinking about security, do not make the mistake of assuming that possible intruders will only attack your systems from outside of your company. Many times the perpetrator is someone within the company. So the next time you walk around the office, look at the people around you and ask yourself this question:

What would happen if that person were to attempt to subvert our security?

NoteNote
 

This does not mean that you should treat your coworkers as if they are criminals. It just means that you should look at the type of work that each person performs, and determine what types of security breaches a person in that position could perpetrate, if they were so inclined.