CS406: Information Security

When looking to secure information resources, organizations must balance the need for security with users' need to effectively access and use these resources. If a system's security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures! Take, for example, password policies. If the organization requires an extremely long password with several special characters, an employee may resort to writing it down and putting it in a drawer since it will be impossible to memorize.