Infosec failures are plentiful. Not a day goes by that we don’t face-palm or head-desk at how somebody else just did it wrong. Cryptography is implemented the wrong way; systems are not updated; developers introduce command injections or upload their keys to GitHub; and users reliably select the least secure defaults your interface will allow.
Vendors sell us technical solutions, and we build tools and process data as if the problem could be solved with simple Vulcan logic. We even pretend secure systems could actually exist if only everybody else would listen to us.
But this hasn’t worked out quite so well for us, has it? Jan Schaumann explains that it’s time we come to terms with the fact that we can’t solve the (infosec) world’s problems until we understand how people interact with the systems we build. Information security is, at its heart, a people problem. We need to focus on the human component and understand the choices people (of all traits and in all interactions) make. Jan underlines and illustrates this important lesson and helps you better assess your security posture, as well as how you spend your scarce resources to fix what really matters rather than chase after the latest OpenSSL vulnerability.
Jan Schaumann is an infrastructure and information security engineer and an adjunct professor of computer science. Jan has over 15 years of experience in both small-scale deployments and enormous high-availability infrastructures serving millions of users. Today he spends most of his time worrying about online privacy and infrastructure security and integrity. You can follow him on Twitter as @jschauma.
©2016, O'Reilly Media, Inc.