BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

Advertisement

Promo

You are here: ZDNet UK > Community > (ISC)2 > Blog

Become a member of the ZDNet UK community

(ISC)2

Profile
Discussions
Contacts
Blog
Links
Reviews
Interests

Security Profession blog

Comment and discussion about the security industry of interest to the security professional. Blogs will be submitted by (ISC)2's management team and Advisory Board members.

Thursday 11 September 2008, 8:10 AM

The human factor will always get you

Posted by (ISC)2

I was reading an excellent article by Jason Holloway posted on the BCS Blogs concerning learning lessons from Monty Python and the Holy Grail. In it he refers to a number of situations in the film and relates them to situations in Information Security. It led me to thinking about how the Tom Cruise film “Minority Report” can also teach us information security professionals a lesson or two In this Steven Speilberg film, set in the future, criminals are caught before the crimes they commit. Tom Cruise plays an officer in the special “Precrime” unit that catches these future criminals. He finds that he is accused of one such crime and sets out to prove his innocence. In this futuristic state, individuals are identified wherever they go by their iris pattern. In order to evade capture Cruise undergos an eye transplant so that he can move about society without being captured.

What’s all this got to do with information security I hear you ask? Well an ex-colleague of mine at the Royal Bank of Scotland used to say that “Minority report” should be obligatory viewing for all information security managers. Why? Because later on in the film Cruise breaks in to his old unit and the way he does it is to use his “old” eyes that he has retained after the transplant as a means of access. As you probably realise, this worked successfully because his user id and access had not been removed from the system.

The lesson to be learnt here is that no matter how sophisticated the mechanisms we implement, without the appropriate manual controls they can always be circumnavigated.

John Colley, CISSP
Managing Director EMEA
(ISC)2

1 comment |
Post a comment |
TrackBack |
Clip Link

Share this post:

Comments on this post

And in reverse - we've just instituted a much more aggressive password retirement policy (ostensibly for compliance: I have my doubts). I've had my password expire on me twice now and been locked out - the first time repeatedly, because of an issue I won't go into here but which means more pain for me every time in future. The systems we use don't really understand that I may be working on any one of a number of devices (most certainly not limited to hardware that the company manages, or PCs at all) from anywhere on the planet.

And as for generating a new password I can remember - well, if there's anyone who doesn't either use a sequence which would be absolutely obvious to anyone except the computer, or write the thing down on a Post-It note, they're probably not really human. Exactly what is gained by me changing 54frogspawn to 55frogspawn to 56frogspawn every 90 days, I'm not sure - but I know my life is made marginally harder by this constant irritation in return for what is most probably an overall loss of security across the organisation. It certainly puts more stress on IT support.

It's not that I'm not security aware - quite the opposite; since my days as a teenage hacker, through the time I worked for a company making cryptographic thingies for people in funny hats, and into my journalistic career where I've taken coffee with Whitfield Diffie and his ilk, I've watched and engaged in the field with some glee. This stuff isn't working properly.

Updated by Rupert Goodwins on Sep 12, 2008 10:54 AM

To add a comment, fill out the form below

Alert me when my comment is replied to.

This member is ranked #77 in our top 100

(ISC)2
n/a
Member since: February 2008

View complete profile
Send private message
Add to my Contacts

Site Activity Rating

My Blog Archive

April 2008
May 2008
July 2008
August 2008
September 2008
February 2009

March 2009
May 2009
June 2009
August 2009
October 2009

Contacts

Number of Contacts: 1

View All My Contacts

Contacts' Latest Discussions

Number of Tracked Discussions: 122

Karen Friar

Thanks for the catch

Monday 2 November 2009, 6:00 PM

2 comments

Karen Friar

Disappearing comments and blog posts

Tuesday 29 September 2009, 9:36 AM

5 comments

Karen Friar

Windows 7 versus Vista, XP

Thursday 6 August 2009, 11:40 AM

1 comment

Karen Friar

Ten reasons open-source smart phones w...

Friday 24 July 2009, 5:44 PM

21 comments

Contacts' Latest Blogs

Number of Contacts Blogs: 1

Karen Friar

Guardian UK Jobs site hacked, user dat...

Sunday 25 October 2009, 12:12 AM

1 comment

Skip Sub Navigation Links to CNET Brand Links

Email address: Password:

Remember me

Become part of the ZDNet community.

Sign up now!
or Take a Tour

Mobility
- Mobile devices
- Mobile working
Security
- Security management
- Security threats
Desktop
Enterprise
IT Management
Networking
- Network management
- VoIP
Other Technologies
Server
- Server platforms
- Virtualisation
Web
- Online business

On the Road
Sentry Posts
Vista Upgrade
Uptime
Small Business
Homebrew Blog
Rupert's Diary
News
Reviews
Post Room
Not safe for work

Daily News
ZDNet Insight
ZDNetWeek
ZDNet Events
Mobile Update
Communications Update
IT White Papers
Security
Software Tools
Reviews & Prices
Netbuyer Best Deals
ZDNet Announcements
IT Jobs

ZDNet UK
CBS Interactive

Home
Site Map
RSS Feeds
Content Archive
Search Library
Membership
Log in
Register
Forgotten Password
Membership benefits
Newsletters
About Us
Contact Us
Find Us
Privacy Policy
Permissions and Reprints
International
Advertise
News
Hardware News
Software News
Communications News

Internet News
Security News
IT Management News
Emerging Technology News
Leaders
Blogs
Group Blogs
News blog
Reviews blog
Not Safe For Work blog
Rupert's Diary blog
Sentry Posts blog
Vista Upgrade blog
On The Road blog
Homebrew blog
Post Room blog
Uptime blog
ZDNet UK Staff Blogs
Rupert Goodwins
Charles McLellan
David Meyer
Tom Espiner
Colin Barker
Karen Friar

Core Techs Expert Blogs
Adrian Bridgwater
Manek Dubash
Jake Rayson
Sandra Vogel
Jonathan Bennett
Simon Bisson and Mary Branscombe
Tech Community
Top 100 ZDNet UK Members
My ZDNet Tour
Forums
Competitions
Community FAQs
White Papers
Most Popular white papers
Free Software Downloads
Windows downloads
Mac downloads
Mobile downloads
iPhone Apps downloads

Reviews
Hardware reviews
Accessory reviews
Audio reviews
Component reviews
Desktop reviews
Handheld reviews
Imaging reviews
Input Device reviews
Mobile Phone reviews
Monitor reviews
Netbook reviews
Networking reviews
Notebook reviews
Printer reviews
Projector reviews
Server reviews
Storage reviews
Software reviews
Content Creation reviews
Developer Tool reviews
Enterprise Application reviews
Operating System reviews
Productivity software reviews
Security reviews
Utility reviews

Editor's Choice reviews
Buyer's Guides
Tech Guides
Tech Resources
Company Pages
IT Jobs
Articles
Case Studies
Comment
FAQs Articles
Features
Image Galleries
Tutorials
Video stories
Research

Compare Prices
Laptop prices
Cheap Laptops
Desktop prices
Mac laptop prices
Mac desktop prices
Tablet PCs prices
PDA prices
Printer prices
Printer cartridges prices
Scanner prices
Monitor prices
Windows software prices
Server prices
Special Features
Broadband Speed Test
CIO Vision Series
Dialogue Box
Advertising Features
Parallelism Breakthrough Video Series
Intel Make the Case

United Kingdom
atlarge.com
BNET UK
CNET.co.uk
CNET.co.uk Reviews
CNET.co.uk Crave
CNET.co.uk Video
CNET.co.uk Check Prices
GameSpot UK
silicon.com
silicon.com Comment
silicon.com Management
silicon.com Hardware
silicon.com Software
silicon.com Networks
silicon.com Services
silicon.com White Papers

Europe
businessMOBILE.fr
CNETFrance.fr
CnetTV.fr
CNETGadget.fr
GameKult.com
GOOSTO.fr
MusicSpot.fr
ZDNet.fr
CNET.de
silicon.de
ZDNet.de

United States
BNET
CHOW
CNET.com
CNET Channel
Download.com
GameFAQs
GameSpot
mySimon
Search.com
TechRepublic
TV.com
UrbanBaby
ZDNet

Asia Pacific
businessMOBILE Asia
CNET Asia
CNET Asia TV
GameSpot Asia
ZDNet Asia
Apple Source
Builder AU
CNET.com.au
GameSpot AU
ZDNet Australia
CNET Japan
Japan ZDNet
GameSpot Japan
taiwan.CNET.com

Builder China
Cnetnews China
CWEEK China
Ea3w.com
Fengniao
GameSpot China
Netfriends China
PChome.com
PcPro China
Solidot.org
SPN China
XCar China
XiyuIT.com
ZDNET China
ZOL China

Copyright © 2009 CBS Interactive Limited. All rights reserved.

About CBS Interactive