Technology will not completely secure us, in spite of what some vendors tell us. The way in which we use this technology has a large effect on the security level we can attain. But social engineers and others are putting great effort into defeating these technical controls by hacking the people directly. Sometimes the attacker only has to ask for the information and it is readily given out. No technical appliance can prevent that.
While security awareness will never be fully sufficient to secure information, it is fundamental to the information security process. Making people aware of information security and the vital part they play in it will go a long way, as a full partner with technological appliances, to secure what is needed. Technical controls and non-technical controls go hand-in-hand, are supportive of each other, and both are required to be successful.
If we buy a security appliance and place it online straight out of the box, we are completely defeating its purpose. This is where the vendors, both sales and technical reps, have an important role. It is imperative that they educate the customer and make them aware of what can happen if the appliances are not properly configured. While they cannot force the customer to secure the device or use it securely, they can practice security awareness by educating the customer.
In risk management, people are a large source of information security vulnerabilities. This can happen through exposure of passwords, not securing computers, giving out information without thinking, or having visitors or service agents move around unescorted. There are a myriad of other possibilities where valuable information can be lost or compromised. The solution for this is SECURITY AWARENESS, but you must remember it is NOT a 100% foolproof solution.
Information security is both a human and technical responsibility. Those who are truly serious about information security need to treat both equally, along with the physical aspects of security, in a concerted effort towards the main goal and responsibility of properly securing information to the best of our abilities. We need to create a culture and mindset of security as part of a continuing and ongoing program, as we need to maintain the vigilance of our employees.
Wednesday, June 30, 2010