Security - The Human Factor.


Kipsang

Jun 16, 2007, 3:58:19 PM
to WhitehatAfrica
Currently, I've been reading this book called "The Art of Deception"
by Kevin D. Mitnick & I find it fascinating. It got me thinking: Is
the human factor truly security's weakest link? For example, a
corporation may purchase the best security solutions that money can
buy and train its employees in the use of these solutions, moreover,
follow every best-security practice recommended by the experts yet the
company's still vulnerable because security attacks today are now
being targeted at the employees of these corporations. This is because, as
developers come up with better security technologies, it's becoming
increasingly difficult to exploit technical vulnerabilities, so
attackers will tend to try cracking the human element. A simple
illustration can be an attacker deceiving a trusted user into
revealing information, e.g. setting up a counterfeit login page for an
e-mail site, thus stealing the user's ID & password, hence gaining
unlimited access to their e-mail account. This is a way spammers
unscrupulously obtain e-mail addresses for marketing purposes. My
personal question is: What are we as African corporations doing to
strengthen the human factor in our day-to-day operations?

Food for thought: Is security a technological problem or a people &
management problem?

H Kriel

Jun 16, 2007, 4:14:36 PM
to Whiteha...@googlegroups.com
Hi Kipsang,

People have always been the weakest link in the system. Just think about things like social engineering, etc.
Unfortunately it is something that you will never be able to move away from. You can spend thousands of rands in training people, making them attend to certain security issues etc., but unfortunately a simple thing like curiosity can kill the cat. If you get a person curious enough to look at a picture, you have won the case halfway; get a person hooked and you're made.

That is the problem that a person is faced with.
The way I see it is that security is a 50/50 relationship. Have your IT hardware and software installed, but also train your users, keep them informed AND keep on monitoring your networks. Security is definitely not something you implement and sit back and relax, thinking you're ok. You might be ok for the next 5 minutes but who knows what will happen thereafter...


Regards

Herman Kriel

