Your day job is about security, and like most CSOs out there, you have an IT background. Most likely, you are still quite handy with the tech, and if forced to, you are able to set some firewall rules, and possibly even change a routing table or two.
You are likely to have picked up on the trend that people are the weakest link in your security chain, and you most probably have some sort of user awareness training in place. You know it is important, and everybody does it, at least that is what your training supplier tells you. And you can tick that box off on your compliance sheet.
Like many other CSOs, you are also likely to not have reached the level of user awareness you imagined and hoped for, and you may have reached the level of frustration of Dave Aitel, who last year went all out and said that "You should not train employees for security awareness".
The human mind has many flaws. Yours does, and mine does too. We jump to conclusions without considering all the relevant information. We construct facts from fiction, because it lets us do what we want, not what is right. We are extremely vulnerable to peer pressure. We are blind to things we do not know about.
This implies that even if you know a lot about security, you are likely not to know a lot about people, how they function, and how groups form and interact. You may (and probably do) think that you know a lot about people. Consider this, then: do you have a minor, or a major, in a social science? Do you know what social science is, anyway?
Social science is a collective term for the different sciences that study humans, human interaction and groups, including (but not limited to):
- Social anthropology
- Organizational theory.