Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Nov 21, 2006

SANS (finally) recognizes the human factor

The latest SANS Top 20 hotlist of information security vulnerabilities at last includes "humans" on the list of horrors alongside the usual range of Windows, UNIX and other technical security weaknesses. SANS specifically identifies the vulnerability to 'spear phishing' (i.e. highly targeted phishing/spoof email attacks), which is of course just one of a very large class of potential vulnerabilities. According to a recent article in Infoworld, SANS' Allan Paller feels that, in the face of ever increasing security threats (agreed), technical information security is improving (possibly true) whilst human being remain as weak as ever (hopefully not for NoticeBored customers!). Some of us have been saying that for years, and rather than simply 'blaming' users for being naive, a few of us are even doing something about it ...
More security awareness resources