Thursday, 11 December 2008

Who can you trust part 2

A while back I was invited to participate in a panel at a security conference. One of the things we discussed was how to treat the fact that human beings are security risks. I have been in many discussions like that before but this one was different. Usually the consensus is that users have to be trained in security so they do not do any mistakes. This in a way puts the blame on the users if anything goes wrong. Now the conclusion was different. Even if the users fail the security systems has to work. I think that this is a break-through in the IT world. In other parts of our life we already see this trend, cars is a good example. Cars gets safer and safer, roads get safer and safer and we have regulations so people at least know how to behave. People makes mistakes and sometimes they even commit crimes, we in the industry need to prevent mistakes to cause security breaches and to prevent crime. We need to have less technology focus and accept that people are people and make life easier for them.

No comments: