Humans may be the weakest link in securing information systems, according to a panel of experts at the Computer Security Institute (CSI) conference in Washington last week.
A panel during one of the conference's sessions was dedicated to examining the role that people play in securing digital information. CSI is a membership organisation that provides training and events related to information security.
Senator Bob Bennett, a Republican from Utah who is a member of the Republican High Tech Task Force, introduced the session by calling on the audience of security professionals to make contributions to their company's information security that go beyond technology and engineering. "Computers can't protect, only people can protect," he said.
Specifically, Bennett urged the audience to convince their company executives that data is as important to a business as capital is. "Business has to start to think of data with the same reverence that it thinks of money," Bennett told the audience, many of whom nodded their heads in agreement.
A company's chief financial officer builds layers of control around handling money, such as having more than one person sign cheques or hiring outside firms to perform audits on accounting books. "There are redundancies to protect the money - we need the same kind of attitude to protect data," he said.
The senator asked the audience to make their companies' executives realise this, by coming out of "Nerdville" and demonstrating that their concerns about information security are rational and appropriate.