The Primary Cause of Security Breaches = Human Error in Security http://www.dslreports.com/forum/r15881472 en Mon, 09 Nov 2009 05:42:59 EDT Mon, 09 Nov 2009 05:42:59 EDT Re: The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15882625 novaflare : Heh but those guys are just copy cats the original on the idea was carried out back before computter existed in every day use (as in pcs etc) Before this time typ writers were used and they had even easyer to distinguish sounds for each letter.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channel
open source dns server for *nix and windows »powerdns.com]]> http://www.dslreports.com/forum/remark,15882625 Wed, 12 Apr 2006 15:18:47 EDT Re: The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15882602 novaflare :
said by ScreenAngel See Profile :

Also, here are the causes of human error elsewhere Internet Explorer, Windows, and Outlook.
forgot a ffew there
firefox mozilla thunderbird linux mac osx konq.... Put simply all software known to man already created and all that will be created
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channel
open source dns server for *nix and windows »powerdns.com]]> http://www.dslreports.com/forum/remark,15882602 Wed, 12 Apr 2006 15:16:25 EDT Re: The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15882585 ScreenAngel : All about Acoustic Snooping on Typed Information
»www.freedom-to-tinker.com/?p=893

Very interesting indeed.... :)]]> http://www.dslreports.com/forum/remark,15882585 Wed, 12 Apr 2006 15:13:56 EDT Re: The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15882405 ScreenAngel : Basically, to fix human error... well one of the biggest mistakes on work computer setups is allowing internet address to sites besides those necessary for work tasks. And also admins not checking their systems for vulnerabilties that can be exploited and patching when fixes are available.

Also, here are the causes of human error elsewhere Internet Explorer, Windows, and Outlook. ]]> http://www.dslreports.com/forum/remark,15882405 Wed, 12 Apr 2006 14:46:04 EDT Re: The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15881889 novaflare : Heh lets think about this for a secound. When it comes right down to it all security breeches are do to human error. Look at it this way even if the breech is do to a exploit in os or software a human is responsable for that os or softwares creation.

Corse what they realy mean is some dumb admin who has no buissness being behind a computers keyboard screwed up and left a hole wide open in the firewall or a user installed somethign they should not have.Then you got the admin who doesnt do the updates he should etc.

As long as a computer has a face towards the outside world there is always a risk on a pc by pc basis. In a corp invironment with people of varied level of security clearance etc if they have access to other computers above their clearance there is then that area to be secured as well and a chance for a breach of security. Basically there is no such thing as a 100% secure pc if its ever even powered on.

Hell theres even remote ways to potentialy capture keystrokes on a pc thats not hooked up to any thing.

In fact typing on a keyboard with no power to it its still possible to record the keystrokes. Sounds funny and like a line of bs right wrong. Each key you hit on your key board has a unique sound. It would be possible to record these sounds aand start looking for letter compnality on the sounds. Startigng with the volwes e first as they show up in the english language once you has those you move on to bcd fgh jkl mn pqrst vwxyz. Now that you have a sond profile for a keyboard you can find out exactly what a person typed.

Strange but true listen to your key strokes as you type the reply to what might seem like a silly reply from me. I bet you will be able to pick out a few unique sounds of keys by ear now imagine running a recording of it through a computer and looking for the minute diffrences in sound :).
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channel
open source dns server for *nix and windows »powerdns.com]]> http://www.dslreports.com/forum/remark,15881889 Wed, 12 Apr 2006 13:29:48 EDT The Primary Cause of Security Breaches = Human Error http://www.dslreports.com/forum/remark,15881472 ZOverLord : From: »www.comptia.org/about/pressroom/···prid=903

Organizations Ignoring Main Culprit in Information Security Breaches, New CompTIA Research Reveals

Oakbrook Terrace, IL, April 11, 2006 – Organizations are doing little to address the most serious threat to their information security and technology infrastructure, according to new research released today by the Computing Technology Industry Association (CompTIA).

Human error was responsible for nearly 60 percent of information security breaches experienced by organizations over the last year, according to the fourth annual CompTIA study on information security and the workforce. That figure is significantly higher than one year ago, when 47 percent of security breaches were blamed on human error alone.

Yet despite the prominent role that human behavior plays in information security breaches, just 29 percent of the 574 organizations that participated in the survey said that security training is a requirement at their company. Only 36 percent of organizations offer end-user security awareness training.

“The primary cause of security breaches – human error – is not being adequately addressed,” said Brian McCarthy, chief operating officer, CompTIA. “The person behind the PC continues to be the primary area where weaknesses are exposed.”

Over the past several years a sophisticated security infrastructure that is better able to detect and prevent attacks has emerged. The CompTIA study found that antivirus software is nearly universal (96 percent penetration); and the vast majority or organizations utilize firewalls and proxy servers (91 percent). Disaster recovery plans, intrusion detection systems and written information security policies are also popular measures.

“As we get better from a technology standpoint, many organizations seem to believe that technology solutions alone are sufficient to turn back all attacks, and a level of complacency may be setting in,” McCarthy said. “The fact remains that no technology on its own can be completely successful without an equally strong commitment to information security awareness and training throughout every level of the organization.”

For its part, CompTIA offers its CompTIA Security+™ certification, a foundation-level, vendor-neutral professional certification for network security practitioners with two years’ experience and who have daily “hands-on” responsibility for information security. The certification was developed with the involvement of some 1,100 experts around the world with first-hand experience in IT security implementation.

Virus, worm attacks still prevalent

Virus and worm attacks were the most commonly mentioned security problem, as they have been through all four years of the CompTIA study on information security. A lack of user awareness, browser-based attacks and remote access were the next most frequently mentioned security problem areas.

About 40 percent of organizations participating in the survey said they had experienced at least one security attack in the past year. The most severe security breaches were reported by large organizations (7,000 or more employees) and educational institutions.

The financial impact of information security issues was vividly illustrated when survey respondents were asked to place a dollar value on the cost of their last security breach. The mean values were over $11,000 for the last security breach and just under $35,000 for breaches over the last year. Some organizations reported a financial impact above $50,000 for security breaches, showing that while a “garden variety” breach may be little more than an inconvenience, the potential for serious harm is always present.

CompTIA commissioned TNS Prognostics, a leader in market research and consulting for the IT industry, to conduct the study to identify current IT security practices and highlight security challenges confronted by organizations of varying sizes and sectors.
**********************************************************

Just another reason why companies and people should think about methods to protect their systems from things that Malware software protection does not provide.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com]]> http://www.dslreports.com/forum/remark,15881472 Wed, 12 Apr 2006 12:26:38 EDT