March 6 - cry-ber-security

◄ This amuses me - part of an advertisement by NZ farm supplies company FFM for their quad bike safety helmets ... but the principle applies equally to knowledge workers in any industry.

We used a similar concept for one of our social engineering awareness posters, emphasising the manipulation rather than protection ►

Earlier this week, Gelo asked on the ISO27k Forum:
"Based on ISO 270001 definition of Information Processing Facilities, can we consider a person as such? Considering that a person can process and store information in his mind?"
I replied:
"Before electronic computers, “computers” were people who computed. So yes Gelo, we can. People generate, store, process, use and communicate information."
That is my cue for yet another dig at the cybersecurity movement. Do humans even feature in the myopic tech-centric world of those self-anointed cybersecurity experts? Would hard hats, other Personal Protective Equipment and Health and Safety appear on their list of valuable controls? Nah. They would (and sometimes do) look at me as if I'm from another planet when I dare to mention the idea, or have the gall to ask them to explain 'cyber'. But in Gary's World, computers are designed, operated, managed and secured for the people, by the people. Most if not all of the 'threat actors' that the cyber-crowd obsess about are humans. Ignoring human factors is krazy ... and I find it ironic that what has become an industry-wide problem lies with the very people who are supposed to be identifying and dealing with 'cyber risks'. 

It'll end in tears I tell you.