infosec-news September 2010 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Intel CISO: The biggest threat to security i

[ISN] Intel CISO: The biggest threat to security is a misperception of risk

From: InfoSec News <alerts_at_nospam>
Date: Fri Sep 17 2010 - 06:37:50 GMT
To: isn@infosecnews.org

http://www.csoonline.com/article/615413/intel-ciso-the-biggest-threat-to-security-is-a-misperception-of-risk

By Joan Goodchild
Senior Editor
CSO
September 16, 2010

What is the most significant vulnerability that information security
faces today and in the future? According to Malcolm Harkins, CISO of
Intel, the biggest threat facing infosec is the misperception of risk.

Harkins spoke Thursday at the Forrester Security Forum 2010 in Boston
and asked infosec professionals who attended to first ponder what they
thought was the biggest risk they are facing within their own
organizations. Several people had answers: Insider threats and people
were suggested by some. Harkin agreed that it is indeed people, but not
perhaps for the reasons participants had in mind. Instead, he argued,
both exaggeration and underestimation of risk in the human mind is what
leaves us most vulnerable to danger.

There are two things that drive misperception: economics and psychology,
said Harkin. When it comes to economics, choices are made by decision
makers as they are affected by incentive and resources.

"As a security professional, I've started thinking about the fact that
we are choice architects. We are trying to get people to think about
things and make decisions," he said.

[...]

_______________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn