This is largely correct. However, staff also need to be trained and drilled on security policies and procedures. That's often lacking, especially if security is outsourced to third party contractors.
This is largely correct. However, staff also need to be trained and drilled on security policies and procedures. That's often lacking, especially if security is outsourced to third party contractors.