b'While most organizations are focusing on compliance, they are ignoring basic human-factor security risks that technology cannot fix, says Hord Tipton, executive director of the International Systems Security Certification Consortium, better known as (ISC)².'