Infosecurity Professional - Issue 9 - ISC
ILLUSTRATION BY EUGENP/SHUTTERSTOCK
Sherri Davidoff used to rob banks. She’d get up in the morning, put on a nice business suit, walk into the heavily secured offices of large financial institutions and walk out—through the front door—with their computers.

Davidoff isn’t a felon, however; she’s a principal in the Montana office of Lake Missoula Group LLC, a security consulting firm specializing in penetration testing, forensics, network assessment and security awareness training. Her “thefts” were tests of the strength of banks’ security systems, and they serve as a reminder of just how weak those systems can be.

One day, technology may make it impossible for a thief to pick up and walk off with a computer. That fact doesn’t necessarily mean future computers will be any more secure than today’s are. That’s because there’s something technology can’t control: the human element.

“Technology for the most part doesn’t fail,” says Dow Williamson, CISSP, CSSLP and executive director of SCIPP International, which develops, delivers and manages security awareness credential and certification programs. “It’s the human being that causes the problem,” he says.

The human concept of acceptable behavior, for example, played a big role in the success of Davidoff’s bank larcenies. “We’ve been trained since we were young to hold the door for people,” she says. “We feel bad letting [it] slam on them.” Likewise, it can feel awkward to confront a young, well-dressed female who looks like she