I was about to write an email to someone I respect deeply about how my thinking on information security had changed since we last met in the summer of 2013. Then I wondered if I’d actually written a blog post on this? I searched and found nothing, so surprised that it is not here. It is pretty straight-forward, on the verge of  “obvious my dear Watson” 😉

Clearly security is broken, however hard we work, our security programs interlaced with security technologies are not effective. Our security programs are not watertight.

So here we go:

1. Security is only as strong as the weakest link – an obvious deduction even for the non-security geeks amongst us 😉

2. The weakest link in the chain is the Human Factor of Information Security, something David Lacey wrote a whole book on in 2009.

3. If the identity thing, you know the technology aspect of ‘the human aspect of information security’ had been architected correctly from the start, we wouldn’t be in the shit that we are today when it comes to a water-tight security programmes!