Securing People for Secure Data

All computer systems rely on human manipulation. Unfortunately, this degree of human interaction results in vulnerabilities being introduced into computing networks, whether intentional or otherwise. The complexity and sophistication of technology is still at the mercy of human manipulation.

People as developers, design the system to comply with a specific purpose. However, mistakes do occur. Most of these may be caught during the testing phase of the program but many become security vulnerabilities which may require after sales upgrades or security patch.

In the building phase, people build systems and networks according to developer's design, but as with all things material, they are still subject to human flaws. Configuration vulnerabilities arise from these errors due to human imperfection.

People as end users accidentally or may knowingly interact with a system and cause circumvention vulnerabilities. People as a general rule just want to get their jobs done and do not deal well with the frustrations of an uncooperative computer. This is why we often disable or ignore alarms; we often do not know how to deal with them. Some may be genuinely willing to more proactive in their work, but may simply be ambivalent when facing these conditions.

Data security works because it trusts the protection and authenticity of the people who use it. Otherwise it would be so secure that it would not allow anyone inside the network, making it variably useless. Security controls exist to let authorized people into the system.

But unauthorized access of hackers gain access through circumventing these controls by taking advantages of the flaws in the system as introduced above. Properly securing these people would result in more secure data. Educating people about their own vulnerabilities as well as making them aware of the need for data security vigilance would help reduce the risk of the data security risks.

Planned awareness campaigns and reviewing/ implementing due processes and procedures can help to build a more secure network of people. Develop security policies and do the requisite training for effective results. Policies and process will not be enough to develop fool-proof workers. Ongoing education and training will be needed to keep people update with changing technological trends. We may never achieve human perfection, but a little behavioral reengineering can go a long way in the internet security world. Social engineering is more than just planned behavioral guidance, it is a tool for getting people to comply with policies and procedures.