Thornton A. May: Can infosec cure stupid?

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Is the world digitizing faster than we can handle it? As a very frequent flier (I'm on a plane about 280 days a year), I find that on just about any flight (you name the continent), in just about every row, passengers of every generation are actively engaged with a vast variety of digital apparatuses to either increase stimuli (music, video, e-books), reduce stimuli (the blessed Bose noise-canceling earphones), buy or sell something, or get work done.

But despite the ubiquity of the devices, hardly any of these people understand how all this gear works, where all the data that makes this magic happen comes from, how to fix things when they break and the implications of our technology usage behaviors on information security and privacy. This is the bomb that's ticking away in every infosec manager's nightmare: user ignorance. The question facing not just chief information security officers but all of us is, "How do we fix stupid?"

My colleagues in academia and my handlers at Computerworld quite rightly counsel me not to throw around the word stupid in print or online. Sometimes, though, no other word suffices. What other term can be applied to the employees and contractors at the Pentagon's Missile Defense Agency (MDA) who were "chided for using government computers to surf porn"?

To continue reading this article register now

Shop Tech Products at Amazon