Security Experts Discuss ‘Conventional Wisdom’
November 12, 2008
Posted by separkin in News
A recent Network World article rounds up a number of experts from the field of information security to discuss some of the prevailing beliefs that they encounter. The article covers a series of interesting topics, such as regulatory compliance (“You can be extremely secure but not compliant. Just as you can easily be compliant but not secure.”), the virtues of open source software, and the measurement of security Return-on-Investment (ROI).
One particular section focuses on the training of employees to behave in a more secure manner. As one of the experts, the 451 Group’s Nick Selby, points out: “… resisting social engineering is really, really hard, as most people you’d want to hire are socially disposed to try to be, at the very least, helpful”. If the goal of an organisation is to train its staff to behave in a more predictable and security-conscious manner, care should be taken not to stifle the ‘human factor’ altogether (unpredictable behaviour does not always produce bad results). It is often this same ‘human factor’ that is relied upon to further the prospects of the organisation.