As one of the components of an information system, does the user component need more security emphasis than attackers? As many suggest, the human aspect is the weakest link in an organization’s information security because users interact with an information system both inside and outside the organization. An article posted recently on TechJournal South seems to imply that we should put more emphasis on the human aspect instead of attackers.
Even though TechJournal’s approach is valid, I think that a balance should be struck between the two. Rather than applying an across-the-board rule to stress either the user or attacker more, organizations should instead apply focus based on the risks they face.
Computer security experts have long pointed out that human beings are often the weak link allowing cyber attacks to succeed. Now, researchers at the Maryland Cybersecurity Center have reaffirmed that security measures must aim at users, not just attackers. “Users expose the network to attacks,” one said.
In a unique collaboration, an engineer and a criminologist at the University of Maryland, College Park, are applying criminological concepts and research methods in the study of cybercrime, leading to recommendations for IT managers to use in the prevention of cyber attacks on their networks.
Michel Cukier, associate professor of reliability engineering at the A. James Clark School of Engineering and Institute for Systems Research, and David Maimon, assistant professor of criminology and criminal justice in the College of Behavioral and Social Sciences, are studying cyberattacks from two different angles – that of the user and that of the attacker. Both are members of the Maryland Cybersecurity Center.
Their work is the first look at the relationship between computer-network activity patterns and computer-focused crime trends.
Please let us know your take on this topic. Today’s post image is from ManageEngine.com.