Why does security depend on more than technologies?

What will be an ideal response?

To secure a software system, both technology and organization policies and personnel processes are needed. A system can have the most advanced technical protection, but it can still be compromised if the administrator is willing to give the needed information to an attacker. According to BBC news in a report published on April 2004 at the BBC Web site, 34% of respondents volunteered their computer system password when asked without even needing to be bribed. Another survey showed that, when questioned, 79% of people unwittingly gave away information that could be used to steal their identity. Social engineering attack is the practice of conning people into revealing sensitive data about a computer system, and these attacks can render any type of security measures useless. Most of the attacks are carried out by phone or in person; the attacker pretends to be an authorized user and can gain illicit access to a system. To reduce the risk of social engineering attacks, the technologies that provide security measures must be integrated into organizations' security policies and processes.