When it comes to securing computers, networks and information you may think that there isn’t much to it. In some respects, you would be quite right too (though the level of training and expertise required to be competent in this area most definitely shouldn’t be underestimated). After all, computers are logical devices and you typically get out what you put in. The most commonly used attacks are, after a while at least, known well enough that certain defences can be put in place.
But there is another element to security which is somewhat more random and that is the humble human being. As great as we are, and as much as we like to think we are perfect, we are actually deeply flawed creatures who do not always behave in the most expected of ways.
Take, for example, the case of Riley Mullins.
It has been widely reported today that Mullins allegedly took a liking to a woman’s purse and iPod after seeing her seated outside Bremerton ferry terminal on Tuesday. According to reports, he whacked her on the head and made off with her stuff.
If the story ended there it would just be another case of anonymous street robbery, but it is alleged that Mullins, who hadn’t been recognised by the victim, sent the woman a friend request on Facebook the next day. Unfortunately for him, a picture on his Facebook page displays a distinctive triangular tattoo he has on his neck which, as it happened, was the only feature his victim had noted when she was mugged.
So, if Mullins really did try to befriend his alleged victim, what can he teach us about security?
If you sit on the wrong side of the fence then I’m sure you will realise that publicising your misdeeds is never a good idea under any circumstances.
Contrarily, if you are one of the good guys then Mullins’ reported misdeeds should serve as a reminder that the human element within any scenario can never be counted upon to act in any given way. There is always the possibility that a person could act out of character, or simply in a way that you haven’t anticipated. Policies and procedures only serve to keep people in check to varying degrees and I’m sure we all know some users who overlook or skirt around such things anyway.
That’s why securing the human is not only a key component of the security mix, it’s also one of the hardest elements to get right.
How do you secure the human aspect within your organisation?