July 24, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Is Security Like a Beautiful Woman? | Main | Security Rules for Web 2.0 »

October 10, 2007
The Human Element of Security

I've blogged and podcasted a bit in this space about all the various features and applications and resources a company needs to protect their systems in these dangerous times. But what I haven't mentioned in awhile is the one resource that has remained stubbornly difficult to completely secure: the human resource.

Came across an entry in Jeff Hayes' Security Blog where, seated in a sports' bar in an East Coast city, he struck up a conversation with someone next to him, and in a fairly short time the person, who was responsible for physical security for a major international accounting firm, was revealing information any bad guy would love to have if they were looking to hack that company's system.

That just goes to show you that even if our security software protected us against every single vulnerability known and unknown, it is the human element that will keep cybercriminals in business for a long, long time. In his blog, Hayes mentions the acronym MICE, which is well known by spies. It stands for money, idealogy, coercion, and ego, and represents the vulnerabilities that can be used to exploit humans for benefit.

The only defense we have against all of the human vulnerabilities is information and training. Employees need to be told (often again and again) how they represent one of the biggest threats to their systems. In essence, companies need to communicate to their employees that they need to control all points of data contact, both incoming and outgoing, and yes, that even stands for people sitting beside you in a sports' bar.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2736

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
ebizQ Web 2.0 and the Enterprise
Your E-mail Address:
Getting Started with BPM
Date: Jul 29, 2008
Time: 12:00 PM ET
(16:00 GMT)
REGISTER TODAY!
Evolving Security Architectures and SOA for Better Business Collaboration
Date: Aug 06, 2008
Time: 12:00 PM ET
(16:00 GMT)
REGISTER TODAY!
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map

Live Chat