
Human Factors

Posted in Uncategorized on 10 Jul 2012 by Stuart Aston

So… about 50% of security events require some level of human interaction to be successful. This is an unpleasant reality: technology, at the moment, just isn’t smart enough to deal with a user who isn’t aware… It’s difficult to have digital solutions to analogue problems…

I commute into London on a regular basis, and this morning I was sat between two people using their computers for business, one from a commercial organisation and one from a public sector organisation. Both were processing, in clear sight, information that was sensitive to their organisations: predicted sales for the commercial employee and a draft policy document for the public sector employee. I will let the reader judge if that is sensitive or not, but to me it was interesting reading.

If the screen can display it and I as a user choose to display it, then anyone who can see the screen can see the data… So whilst it’s convenient to work on the train (I do it, and am doing it as I type), I tend not to work on sensitive material… My PC is secure, but it won’t stop someone “shoulder surfing” my screen.

The technology won’t fix this problem; we need to teach the user how to behave. It needs to be driven into the culture of our organisations from the top, and if it’s not… well, then the technology is almost not relevant. Sure, technology will get better, and sure, you can minimise the risk by architecting the technology in a sensible way, but the user must be informed on how to manage risk…
