Cool as McCumber

Of security people and their technology

You can demand that your constituents bow to your superior knowledge and foresight. You can demand submissive compliance with the new technology because of the huge sunk costs. You can criticize and defame those who disagree with your risk analyses. But by undertaking any or all of these responses, you are abdicating your role as a security expert.

Security experts practice their trade through the good offices of those they protect. If you damage that trust relationship, no technology can fix it. Determining which technology solutions to invoke is always the least important of our many security decisions. The human factor, on the other hand, is always paramount.

John McCumber is a security and risk professional, and is the author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, please e-mail John at: