The basic intrusion security issue is keeping unauthorized people out without hindering the work of authorized users.
How to get into a computer (any one attack helps you to do others.)
People are One of the Biggest Problems
It is pretty obvious that individual users need to keep their computers secure and their passwords secret. What is not so obvious is that system operators must know what they are doing.
The biggest single mistake which companies make is in not having a security expert or in not giving that expert enough time to do the job right. Employees with computer system operation skills are hard to find and expensive to hire, so companies tend to have fewer than they need. They also tend to overload them, not giving them time attend to all of the systems which need security. (Remember, on a network any machine that is compromised can give access to all of the machines.) There are hundreds of details to keep track of and new developments happen daily.
Why is it hard to get good security people?
SCENE: CORPORATE STAFF MEETING
Big Suit: First we will have our computer security report. Mary ...
Mary: We have had no incidents this month.
BS: Ok. Now, turning to the people who are doing exciting and
productive new things ...
this page is at http://drott.cis.drexel.edu/security.html