Tuesday, January 8, 2019

Humans - The Weakest Link in Security

Humans are considered the weakest link in security. The reasons are:

  1. Humans are involved throughout the development, deployment, and ongoing administration of any solution.
  2. No matter what physical or logical controls are deployed, humans always find ways to avoid, circumvent, subvert, or disable them.

To effectively counter this weakest link, the following need to be considered:

  1. Security policies and procedures for hiring and firing. Hiring requires proper policies for job description, job classification, screening, and training, while termination or firing requires a proper exit interview, NDA (non-disclosure agreement), NCA (non-compete agreement), etc.
  2. Separation of Duties
  3. Job Rotation
