The human factor

There isn’t a patch for human fallibility and there’s no patch against human ingenuity. I attended an ISSA-UK event at Bletchley Park last Thursday and the contribution the men and women who worked there made to the war effort cannot be overstated – it’s estimated the codebreakers of Bletchley shortened WWII by 2 years.

The principles of information security are centred around confidentiality, integrity and availability, and each principle is a balancing act between people, processes and technology. People are an organisation’s most important asset, and yet organisations tend to go top-heavy on technology and processes at the expense of an effective security awareness training program.

In World War II, Hitler used the Lorenz machine to encrypt communications with his generals because he didn’t trust the Enigma machine. The latter used 3 rotors to encrypt plain text while the former used 12. In an ideal world, the Lorenz-encrypted messages should have been unbreakable, but human error (retransmission of a message using the same encryption key) meant the Allies were able to read all Hitler’s communiqués as if they had been written on a postcard.

Information security is the responsibility of everyone in the organisation, and an effective security awareness training program must be supported at board level and rolled out to employees, contractors and third-party suppliers.


Written by Robert

Robert Alai is a respected Kenyan blogger, technical evangelist, and social justice activist. Robert is known for his hard-hitting articles and opinions disseminated through his Twitter handle or Facebook page. He is the founder of KahawaTungu.

