You CAN Stop Stupid

"Security is as psychological and cultural as it is technical. Wrinkler and Brown rightfully undermine the assumption that individual users are inherently flawed and the systems they are expected to use inherently secure. In fact, users are key to making systems less vulnerable. Y ou CAN Stop Stupid should leave organizations looking in the mirror wondering how they can empower their people to better manage risk." -- RICHARD A. CLARKE The Fifth Domain and Against All Enemies , Special Advisor to the President on Cybersecurity Around the world, users cost organizations billions of dollars due to simple errors and malicious actions. The organizations believe that there is some deficiency in the users. In response, they think the solutions are awareness efforts and making more secure users. This is like saying that coalmines should get healthier canaries. In reality, a multilayered approach is required, one which acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that. It takes a holistic approach to assessing risk combined with technical defenses and countermeasures layered with a loss prevention culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst of the cybersecurity breaches and other user-initiated losses. Using lessons from tested and proven disciplines like counterterrorism, safety science, process control, quality management, and more, Ira Winkler and Dr. Tracy Celaya Brown's You CAN Stop Stupid provides business technology and security professionals a methodology to analyze potential losses and determine how to proactively mitigate losses attributed to user stupidity. Learn why it isn't the users who are stupid, because it is you who stops stupid. "If you want a strategy on how to realistically develop a more secure organization, this book is for you. It breaks down the fundamental problem of how users are sometimes the weakest link, not because the users themselves are, but because we create a weak environment around the users, and then builds up a strategy for how to protect against that problem." -- JACK RHYSIDER darknetdiaries.com