We're Only Human

September 1, 2010
By H. Mosher

No matter how much we think technological solutions will be the panacea for all our information assurance concerns, there's still the human factor to consider, writes Linton Wells II in this month's Incoming column, "Uneasy Sleep in a Golden Age":

In the end, it all comes down to people. When Lou Gerstner was chief executive officer of IBM, he asked how he would know if his organization had a good information assurance program. The answer was: "Walk down the hall. Find a random employee. Ask them three questions: 'Would you know if your computer was being interfered with?' If yes, 'Would you know whom to call to get support?' If yes, 'Would you care enough to call?'" Unless you can answer "yes" to all three of these questions for each of your employees, you can spend all you want on technology and still fail on the people side.

As the gap between functionality and security continues to grow, how can organizations develop security policies that people will understand and follow?

Share Your Thoughts:

Dr. Wells does an excellent job summarizing some complex ideas to reiterate the quintessential paradox---it is NOT all about the data (I want to kick the next General who says it is). It is all about how people use what they perceive as data. The heart of Cybersecurity is not in the virtual space, but in the physical realm. It is not in the equipment, but in the policy and people...on the attacker's side too....

Share Your Thoughts: