GOVERNMENT CIO OUTLOOK | NOVEMBER 2023 | CXO INSIGHTS

HUMAN FIREWALL: IS MORE THAN AWARENESS TRAINING

By David C. Witte, Information Security Manager, Jackson County, Missouri

Calamity Carl, Acme Corp's most distracted accountant, was having a doozy of a day. First, he unwittingly held the door open for some 'visitors' who turned out to be corporate spies. Later, amidst thoughts of doughnuts, he left the employee payroll sheet on his desk for all to see. But the cherry on top? He got an 'urgent' email from the 'CEO.' Smiling proudly, he bought $1000 worth of gift cards and sent the codes. When colleagues found out, they shook their heads. "Oh, Carl!" they sighed. "Maybe it's time for a cybersecurity course, or two!"

For Calamity Carl to have that bad a day, Acme either needs a security program, or its program needs to be more mature. Companies like Acme can use the CIA triad as a lens through which to view cybersecurity problems. Organizations can achieve a balanced security posture, addressing both immediate vulnerabilities and the overall health and resilience of their digital infrastructure. Building an effective human firewall is one such problem.

In information security, the term 'firewall' traditionally denotes a network security device or software designed to oversee information traffic based on a predetermined set of security rules. However, as threats have evolved, a simple human error can defeat the best firewall. The phrase 'human firewall' has been around for a long time and is often misused, so it is essential to understand what the human firewall encompasses and, just as importantly, what it does not.

The human firewall is the frontline against potential cyber threats. It reflects the knowledge, alertness, and behavior of individuals who, when informed, can recognize and react to anomalies, phishing attempts, and dubious activities. It goes beyond just knowledge, embedding security into the very fabric of an organization's culture.

A single training session or seminar does not create a human firewall. Even the best-trained individuals can make mistakes. Relying solely on the human firewall without the support of robust technical controls can introduce vulnerabilities. Recognizing the capabilities and limitations of the human firewall is crucial in the ever-evolving world of cybersecurity, showcasing the blended might of technology and human insight in countering the diverse threats of the information-driven environment.

The CIA security triad remains a foundational construct in cybersecurity, highlighting the three pivotal principles of information security: Confidentiality, Integrity, and Availability. It encapsulates what institutions should protect against an ever-evolving threat landscape. Yet, as with many advanced systems, the human component is often the weakest link, but it also holds the potential to be the most robust line of defense. Building a human firewall, educating and equipping every member of an organization to be vigilant against security threats, can amplify the robustness of these three principles.