Page 66 - Cyber Defense Magazine for August 2020

executives is that security is a necessary evil because it is very difficult to measure budget performance
            and protection outcomes.



            Lack of cyber security ‘common sense’

            We often hear that ‘humans are the weak link in cyber security’ – usually meaning that they do ‘stupid
            things’ that unintentionally help hackers. Security controls (e.g. people, process, technology) exist to
            control security outcomes. They are largely intended to keep humans from doing something or having
            access to something. When we blame humans as the weakest link, we are simply pointing out that
            controls do not effectively control desired security outcomes. Largely, the people to blame here are not
            the ‘general workforce and public’ but the security practitioners whose job it is to produce controlled and
            expected outcomes. And for the challenges of effectively calibrating, gaining access to, and leveraging
            required skills, they are often the victims of their own vicious cycle.

            Programmatic and control cyber security performance is challenged because humans are the weakest
            link, just not in the way that cyber security experts are pointing their fingers.









            About the Author

            Douglas Ferguson, a security professional of over
            20 years, is the Founder and CTO of Pharos
            Security. Pharos specializes in aligning security
            goals and strategy to the business and a calibrated
            risk appetite, ensuring an integrated business plan
            and optimized operations build that to plan and on
            budget.
            Prior to Pharos, Ferguson was with Barclays Bank in London, where he was responsible for numerous
            security programs and initiatives across more than 40 countries. Previously, Ferguson was a Managing
            Consultant and researcher on the acclaimed X-Force at Internet Security Systems. He delivered security
            services to more than 200 clients globally and was a co-creator of the breakthrough System Scanner
            technology. Douglas can be reached online at [email protected] and the Pharos website:
            https://pharossecurity.com/











            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.