One of the problems with security, especially as it pertains to computers and computer networks, is that it is often not done well. If the rules are too loose, they become trivial to ignore, and so then the security procedures are annoying and ineffective; set the rules too tight and they constrain the users to the point where the user can’t really use the computer or network in question. (This second situation is perhaps more annoying than the first…) Done well, security should be such that it is hardly noticed, at least it my humble opinion.