The same thing happens in computer security. Some companies, like a law office I visited last week, don't have a clue. They are running a workgroup network full of Windows 95 computers with no log-ons, no anti-virus, no patches, and no firewall. Clearly a disaster already in progress.
But to be frank, that company and others like it aren't ready to listen to my spiel about all the current security risks and how I'm going to make their network perfect. It was all I could do to convince them that it would be nice if a law office holding lots of confidential client information required log-ons to get access to internal data and installed an Internet firewall.
And that's where Grimes' Hierarchy of Security Needs comes into play. Whenever I enter a company for the first time, I quickly try to measure its computer security maturity. Often I can do this in a few minutes. Mentally, I've classified them into five stages, much like Maslow's Hierarchy of Needs, based on their approach to security.
Grimes' Hierarchy of Security Needs. Wonder if someday college sophomores will snooze to its recitation?