When I start at a new company, I make a point of meeting with key personnel from the departments that have the greatest potential for security risk, including operations, engineering, customer service, IT, finance, facilities and human resources. It’s a good way to unearth risks that might not be obvious to me and to get all of those people thinking in terms of security.
Unfortunately, the impetus for these discussions dissipates after a time as the participants get caught up in their own day-to-day priorities.
