Information security professionals who seek to reduce vulnerabilities in their organizations are presented with an overwhelming number of options that cover the entire information security landscape. With the dichotomy of ever-increasing organizational demands, and fewer and fewer resources—both financial and human to meet those demands, where in the information security arena do you invest to maximize the return on your investment?

This paper simplifies and categorizes some of the core fundamentals of electronic security controls and mechanisms, and concludes that authentication may be the single most important aspect in information security. It further challenges the validity of other security controls that may be adopted by organizations prior to implementing a strong and robust authentication system.