Building a Human Firewall: Raising Awareness to Protect Against Social Engineering

Article Description

Never heard of the human firewall? The concept behind it is to build a persistent consciousness about information security in the minds of the information system's users so they won't make errors or misbehave when dealing with information. In this article, Thierry Wohnlich proposes an alternate view of information security awareness, a view that takes into consideration the reasons behind the need for awareness, and discusses the role of the individuals in relation to information technology.

Building Blocks of the Human Firewall

A company is a melting pot of skills and competencies. It is important to segment the audience of security awareness so that each segment receives a message tailored to it. Apart from the company's end users as a whole, the basic segments are the executives (because they drive changes), the IT team, and the security team.

The Foundation of the Human Firewall Lies in Security

Everyone agrees that only a clear message results in effective communication. However, surprising as it may seem, experience (what is happening in the field as opposed to what is written in the books) shows that the basic concepts of security are debated even within a single security team.

As an example, although policies, standards, and guidelines have clear directive roles within a security framework, they are often the center of debate over whether a control should be addressed by a policy, a standard, or a guideline. Such internal misalignment results in a lack of consistency in the voice of security.

IT Teams Are the Front Line of the Human Firewall Architecture

The term human firewall often refers to the end user, but the first line of defense is actually the stakeholders of the information technology processes, who are the DMZ of the human firewall architecture.

The stakeholders provide and support the services, yet do not necessarily have the skills, time, and visibility to think about and apply security. This is a primary audience for awareness.
