This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The Human Element of Information Security
Jan.-Feb. 2013 (vol. 11 no. 1)
pp. 32-35
Hugh Thompson, Blue Coat Systems
Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
Index Terms:
Computer security,Information security,Human factors,Behavioral science,Decision making,Access control,security architecture,security,information security,social engineering
Citation:
Hugh Thompson, "The Human Element of Information Security," IEEE Security & Privacy, vol. 11, no. 1, pp. 32-35, Jan.-Feb. 2013, doi:10.1109/MSP.2012.161
Usage of this product signifies your acceptance of the Terms of Use.