Security Profession blog
Comment and discussion about the security industry of interest to the security professional. Blogs will be submitted by (ISC)2's management team and Advisory Board members.
Thursday 11 September 2008, 8:10 AM
The human factor will always get you
I was reading an excellent article by Jason Holloway posted on the BCS Blogs concerning learning lessons from Monty Python and the Holy Grail. In it he refers to a number of situations in the film and relates them to situations in Information Security. It led me to thinking about how the Tom Cruise film “Minority Report” can also teach us information security professionals a lesson or two In this Steven Speilberg film, set in the future, criminals are caught before the crimes they commit. Tom Cruise plays an officer in the special “Precrime” unit that catches these future criminals. He finds that he is accused of one such crime and sets out to prove his innocence. In this futuristic state, individuals are identified wherever they go by their iris pattern. In order to evade capture Cruise undergos an eye transplant so that he can move about society without being captured.
What’s all this got to do with information security I hear you ask? Well an ex-colleague of mine at the Royal Bank of Scotland used to say that “Minority report” should be obligatory viewing for all information security managers. Why? Because later on in the film Cruise breaks in to his old unit and the way he does it is to use his “old” eyes that he has retained after the transplant as a means of access. As you probably realise, this worked successfully because his user id and access had not been removed from the system.
The lesson to be learnt here is that no matter how sophisticated the mechanisms we implement, without the appropriate manual controls they can always be circumnavigated.
John Colley, CISSP
Managing Director EMEA
(ISC)2
What’s all this got to do with information security I hear you ask? Well an ex-colleague of mine at the Royal Bank of Scotland used to say that “Minority report” should be obligatory viewing for all information security managers. Why? Because later on in the film Cruise breaks in to his old unit and the way he does it is to use his “old” eyes that he has retained after the transplant as a means of access. As you probably realise, this worked successfully because his user id and access had not been removed from the system.
The lesson to be learnt here is that no matter how sophisticated the mechanisms we implement, without the appropriate manual controls they can always be circumnavigated.
John Colley, CISSP
Managing Director EMEA
(ISC)2
