NexGen Firewall vs Human Firewall

This might not be a good comparison, or one may think it is a weird one. For the past three decades technologists and cyber security vendors have worked hard to produce the best of the breed when it comes to technical security controls based on hardware, and now transitioning to sofware based or software defined alternatives. Around the same time the bad guys, whatever hat colour they wear, they have also been busy trying to poke holes on these controls, and they only need one good strike out of 1000000 tries. To be fair, they have been successful to say the least.

But what have slowly evolved is the Human firewall as defense, where organisations still believe hardware or software based firewall is the only good security controls to stop bad guys from the internet getting in their organisations. Well, if you have been counting, this is the long war, and every now and then the good guys may win , but playing a long game, the bad guys have an upper hand.

Regardless of advancement of technology, the human still remains to be the weakest link in the chain, and the organisations should invest reasonable well in fortifying the human firewall, because at the end of the day, you may have all the hardware and software good shiny updated firewalls, but if you dont have strong human firewall, you will always fell victim.

Author: kinyoka

A certified Information Security professional, with demonstrated experience spanned more than 10 years in financial, banking, consulting, and payment card industries in managing Information Security System Management ISMS. A post graduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA. Demonstrated to be reliable, trustworthy, and meticulous person; working in a controls-focused environment, multinational, and multicultural organisation over the years and gained a good understanding of what is required of the Information Security professional. . Specialties: ISMS based on ISO/IEC 27001/2 Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC) IT Governance, Risk and Compliance (GRC) Management Cyber Security Penetration Testing Enterprise Security Architecture Technical Security Architecture

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: