Issue No.01 - Jan.-Feb. (2013 vol.11)
pp: 32-35
Hugh Thompson, Blue Coat Systems
ABSTRACT
Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
INDEX TERMS
Computer security, Information security, Human factors, Behavioral science, Decision making, Access control, security architecture, security, information security, social engineering
CITATION
Hugh Thompson, "The Human Element of Information Security", IEEE Security & Privacy, vol.11, no. 1, pp. 32-35, Jan.-Feb. 2013, doi:10.1109/MSP.2012.161