We're Only Human
No matter how much we think technological solutions will be the panacea for all our information assurance concerns, there's still the human factor to consider, writes Linton Wells II in this month's Incoming column, "Uneasy Sleep in a Golden Age":
In the end, it all comes down to people. When Lou Gerstner was chief executive officer of IBM, he asked how he would know if his organization had a good information assurance program. The answer was: "Walk down the hall. Find a random employee. Ask them three questions: 'Would you know if your computer was being interfered with?' If yes, 'Would you know whom to call to get support?' If yes, 'Would you care enough to call?'" Unless you can answer "yes" to all three of these questions for each of your employees, you can spend all you want on technology and still fail on the people side.
As the gap between functionality and security continues to grow, how can organizations develop security policies that people will understand and follow?