Human Factors

So… about 50% of security events require some level of human interaction to be successful. This is an unpleasant reality: technology, at the moment, just isn’t smart enough to deal with a user who isn’t aware… It’s difficult to have digital solutions to analogue problems…

I commute into London on a regular basis, and this morning I was sat between two people using their computers for business, one from a commercial organisation and one from a public sector organisation. Both were processing, in clear sight, information that was sensitive to their organisations: predicted sales for the commercial employee and a draft policy document for the public sector employee. I will let the reader judge if that is sensitive or not, but to me it was interesting reading.

If the screen can display it and I as a user choose to display it, then anyone who can see the screen can see the data… So whilst it’s convenient to work on the train (I do it, and am doing it as I type), I tend not to work on sensitive material… My PC is secure, but it won’t stop someone “shoulder surfing” my screen.

The technology won’t fix this problem. We need to teach the user how to behave; it needs to be driven into the culture of our organisations from the top, and if it’s not… well, then the technology is almost not relevant. Sure, technology will get better, and sure, you can minimise the risk by architecting the technology in a sensible way, but the user must be informed on how to manage risk…


2 Responses to “Human Factors”

  1. It is interesting that as mobile devices improve (better readability, improved reading angles, longer battery life) the security risks increase. Perhaps we will see innovation in this area in future so that screens can control the degree of readability (akin to adding a privacy screen), or privacy software that highlights only small portions of text making shoulder surfing less valuable.

    Perhaps we need to look to the consumer world to lead this.

    ‘Now available, a screen that allows you to safely read 50 Shades of Grey without being judged by other passengers’

  2. A few years back I learnt of the planned closure of a local school – I read all about it while on a train to London, from the screen of an official from the local council preparing for a meeting at the Dept of Education.
