Tuesday, December 29, 2009

Human factor security issues

The security of our valued information and system assets depends very much on the people who handle them. Users who manage, operate and administer these assets are responsible for their safety, security and survivability. Unfortunately, people are not perfect in handling information assets, and users can cause harm to systems accidentally. For instance, omitting a data backup may lead to accidental harm. Likewise, accidental deletion of files or folders may leave a system unable to load useful system files or operating system files; as a result, it may be unable to operate within acceptable standards or acceptable performance, or it may fail to start.

The human factor ranges from inadequate care given to a system by those who are responsible for its protection, to accidental harm caused by those who are not 'directly' involved with its protection. For example, a casual staff member (a cleaner) who is asked to vacuum-clean a network node may accidentally disconnect or damage a network cable.

Accidental harm can come from expert and inexperienced users of the system alike. For instance, an experienced network engineer could accidentally plug a network cable into the wrong port, or propagate disparate routes to the global routing table, causing the performance of the network to deteriorate.

Human factors can be mitigated by having several controls in place. Most of these controls are administrative and technical. For example, an enterprise should have a change control and advisory board that must assess all changes before they are implemented. This is a control to minimise problems caused by people. Again, there should be a supervisor monitoring casual workers when they are working in areas of high technical demand, such as network nodes, cabinets etc.

An enterprise must have laid-down policies and operating procedures which must be followed by all personnel charged with the delivery of its services.

Finally, there are several controls that an organisation can use to minimise human factor issues; most of these controls centre around due care.
