| |September 20179CIOReviewsystem. If our objective is to protect information, then instead of being seen as a strong tool against attacks, our human traits in fact make us part of the security problem. On the other hand, a computer system, or in general, any automated system, is capable of following a set protocols & procedure to an exacting degree of precision, repeatedly, consistently, predictably & reliably; something that is a boon to information security. It is natural that we prefer computers over humans. Info Sec Professionals have become so confident in the dependability of computers that we will gladly replace a human with a machine. A machine, after all, does not make mistakes, it does not get tired, it always responds in a manner that it has been designed to, it adheres to its algorithm; and basically a machine will do exactly what it has been `taught' to do. Can Humans be our Strongest Link?It is common to use technology in information security systems. Heuristics-based systems are employed regularly in our protective perimeter, and with the advent of AI which applies machine-learning techniques, it is logical to assume that the future of information security lies in fully automated systems, which are capable of responding to almost all kinds of threats.While there is no doubt that recent advances in AI have been significant and impressive, there have been some major and risky incidents in the field of AI in 2016 alone.· An AI designed to predict recidivism acted racist· AI NPCs (Non-Playable Characters)in a video game designed unauthorized super weapons· A patrol robot collided with a child· World champion-level Go-playing AI lost a game· A self-driving car had a deadly accident· AI designed to converse with users on Twitter became verbally abusiveWhile automated systems, specially the `smarter' ones, have come a long way, they still tend to lack maturity. They are designed and trained by programmers who have till now been unable to suitably, and comprehensibly, define the entire `universe' of information security to them. Without a complete understanding and knowledge of this InfoSec universe, it is near-impossible for a computer to deal with new and unforeseen threats. While they may be able to deal well with known issues, when a situation is new altogether, these computers need a human to make qualitative decisions for them. This is analogous to the need of human pilots in aircrafts even though most of the flying is done by computers today. Those same traits of humans, which make them appear `weak', sometimes end up becoming a necessity in the field of security.The Right Weapon for the Right BattlesWhile attacks are carried out using powerful computers & ingenious code, a hacker is still simply a malicious human; one who can think, adapt, become excited, display initiative, and be emotionally invested. Consequently, it is in our best interest to fight that human with a weapon which is equipped with similar traits & qualities, albeit is someone who has been made stronger with the help of training & technology. While there is no doubt that humans are weak in several ways, there are still those who can be trained better, be given an opportunity to form good infosec habits, and be provided with tools necessary to overcome their shortcomings. While we should not undermine the importance of, and reliance on, automated systems, the purpose of all security systems should be to strengthen security by helping humans to make good decisions. We should not exclude ourselves from the security perimeter, but build mechanisms which include us as an asset to security.Information Security Ensuring Sustained BusinessThe strength of a product lies in serving business objectives, which is provided by build stability along with reliable information security (both intellectual & data), and effective infosec processes which are ultimately run by empowered humans. Clients need these to rest assured that their business continues without having to constantly worry about the next cyber-attack.The best way to execute information security is when it remains covert, stays one step ahead of these attacks, adheres to reliable and tested security frameworks, and employs technology in a manner that permits humans to become the strongest link in the information security chain; thus allowing client business to continue uninterrupted, and for business owners to focus on their growth strategy. The strength of a product lies in serving business objectives, which is provided by build stability along with reliable information security
< Page 8 | Page 10 >