Here is an interesting flip on the usual "people vs technology." Joanna points out that recently way too much focus has been on the people side of the security equation, and many have started to think that "the only problem in the security field that mankind is facing today is… that we’re too stupid and we do not know how to use the technology properly."
Guess what? Even if you have a perfect security awareness program and all your IT users are ex-NSA "security conditioned" personnel, you can still get owned through a 0day. Yes, even though it will sound painfully obvious to many, "even if we were perfectly trained to use the technology and understood it very well, we would still be defenseless in many areas."
Also, lately I've been reading a bit on risk management and thus seeing the words "risk assessment pseudo-science" probably made her post even more appealing to me :-)