SecurityMatters.com: The network security practice of Bennett Gold LLP, Chartered Accountants.


Security News Headlines:

PEOPLE "WEAKEST LINK" IN SECURITY EFFORTS


Source: IDG News Service
Posted on November 5, 2001

      Humans may be the weakest link in securing information systems, according to a panel of experts at a conference organized by the Computer Security Institute last week.

      A panel during the conference's Wednesday morning session was dedicated to examining the role that people play in securing digital information. CSI is a membership organization that provides training and events related to information security. Senator Bob Bennett, a Republican from Utah who is a member of the Republican High Tech Task Force, introduced the session by calling on the audience of security professionals to make contributions to their company's information security that go beyond technology and engineering.

      "Computers can't protect, only people can protect," he said.

      Specifically, Bennett urged the audience to convince their company executives that data is as important to a business as capital is. "American business has to start to think of data with the same reverence that it thinks of money," Bennett told the audience, many of whom nodded their heads in agreement.

      A company's chief financial officer builds layers of control around handling money, such as having more than one person sign checks or hiring outside firms to perform audits on accounting books. "There are redundancies to protect the money, we need the same kind of attitude to protect data," he said.

      The senator asked the audience to make their companies' executives realize this, by coming out of "Nerdville" and demonstrating that their concerns about information security are rational and appropriate.

Assessing Vulnerability

      Following the senator's speech, a recently formed group called the Human Firewall Council announced a downloadable free utility that lets visitors assess their organizations' security awareness by answering survey questions. According to Doug Erwin, council member and chief executive officer of PentaSafe Security Technologies, 350 individuals have already taken the survey, and many of them did not score well.

      Beyond answering the survey questions, Erwin told the audience to challenge existing security policies that don't make sense to them, and to become company evangelists for protecting data. Securing company information "is not just the security manager's job, it's everyone's job," he said, adding that in the chain of security, people are "the weakest link."

      Brett Hovington, council member and national coordinator for the FBI's National InfraGard Group, said that understanding the human component, or identifying who is behind the keyboard, is essential to solving information security breaches. The FBI has begun profiling cyberintruders, much as it does serial killers, to help agents understand behavior and motivations behind attacks and hopefully identify attackers.

      Another council member, independent security consultant Charles Cresson Wood, lauded President Bush for establishing an executive organization to head up security, after the terrorist attacks of September 11. He suggested businesses do the same. "President Bush is doing what every organization should do, creating a new organizational unit to come to terms with new threats," Wood said, referring to the U.S. Office of Homeland Security.




