Issue No.01 - Jan.-Feb. (2013 vol.11)
Hugh Thompson, Blue Coat Systems
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.161
Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
Computer security, Information security, Human factors, Behavioral science, Decision making, Access control, security architecture, security, information security, social engineering
Hugh Thompson, "The Human Element of Information Security", IEEE Security & Privacy, vol. 11, no. 1, pp. 32-35, Jan.-Feb. 2013, doi:10.1109/MSP.2012.161