Should Cyber Security Focus More on Users?

As one of the components of an information system, does the user component need more security emphasis than attackers? As many suggest, the human aspect is the weakest link in an organization’s information security because users interact with an information system both inside and outside the organization. An article posted recently on TechJournal South seems to imply that we should put more emphasis on the human aspect instead of attackers.

Even though TechJournal’s approach is valid, I think that a balance should be struck between the two. Rather than applying an across-the-board rule to stress either the user or attacker more, organizations should instead apply focus based on the risks they face.


Computer security experts have long pointed out that human beings are often the weak link allowing cyber attacks to succeed. Now, researchers at the Maryland Cybersecurity Center have reaffirmed that security measures must aim at users, not just attackers. “Users expose the network to attacks,” one said.

In a unique collaboration, an engineer and a criminologist at the University of Maryland, College Park, are applying criminological concepts and research methods in the study of cybercrime, leading to recommendations for IT managers to use in the prevention of cyber attacks on their networks.

Michel Cukier, associate professor of reliability engineering at the A. James Clark School of Engineering and Institute for Systems Research, and David Maimon, assistant professor of criminology and criminal justice in the College of Behavioral and Social Sciences, are studying cyberattacks from two different angles – that of the user and that of the attacker. Both are members of the Maryland Cybersecurity Center.

Their work is the first look at the relationship between computer-network activity patterns and computer-focused crime trends.

Continued here.


Please let us know what your take on this topic is. Today’s post image is from

2 comments for “Should Cyber Security Focus More on Users?”

  1. Dr. Cruise
    December 8, 2011 at 2:17 pm

    Hello Judy:

    Your suggestions for a balanced approach to this issue as well as for organizations to focus efforts based on risks germane to their environments are quite thought-provoking. Could you provide an example of what a balanced approach might look like based on a specific risk?

    Thank you for sharing.

  2. December 9, 2011 at 12:26 pm

    Dr. Cruise.

    A more balanced approach to mitigating security risks originating from either users or attackers would require an organization to employ a defense-in-depth strategy. This method focuses on several prevention mechanisms, not just a single one. For example, an organization can implement strategies such as intrusion detection systems, antivirus software protection, password security, physical security, biometric systems and so forth. I believe that focusing on various strategies to prevent exploits from both users and attackers ensures that security is maintained at all levels in the company.

    Thank you.
