When it comes to defending networks against viruses, hackers, and other malicious threats, there are only two categories of users—those who have a defined, implemented, and managed IT security policy and those that do not.
There is good reason why many businesses have no IT security policy. They have limited IT security skills, and those resources they do have are focused on running their commercial operations. Mostly, these are smaller businesses and they need help to fight effectively against the overwhelming number of threats that attack their networks.
Most large enterprises will be certain to have IT teams and security specialists. Most small businesses will not. But rather than concentrating on size, it is more useful to inquire instead about the ability of a user to respond to a security threat. So another way to look at the need for security solutions is to examine the extent to which the customer is able to define, implement, and deploy a security policy. To be security-savvy or security-challenged. Do the security skills exist or not?
http://www.mcafee.com/us/local_content/white_papers/wp_mgt_antivirus_ss_...
