Excellent overview of security measures that should be in place in any major organisation. The numbers however do not lie and show that many of them are not on top of this, don't have the right mindset or ownership within the organisation. As an engineer it often seems useless to battle this, until something hits the fan. I am curious how to generate more awareness and especially ownership within such organisations. There seems to be a lot of psychology behind it.