Human failings can compromise the best IT security configuration
Tuesday, 10 February 2004 07:19 EST
Even the best IT security can be let down by people's shortcomings and the processes surrounding systems. That was a key message from last month's annual Turing Lecture, organised by the BCS and the Institution of Electrical Engineers. The most complex cryptography or data scrambling can be let down if system operators assume that this technology alone is the answer to their data security, said Fred Piper, director of the Information Security Group and professor of mathematics at London University's Royal Holloway College.
He recalled a university which was concerned about students breaking into its system and changing their grades, so it encrypted the grades.
"A hacker could not read the grades but what they were actually worried about was someone changing the grades," Piper said. "You can still change the grades, even though they are encrypted. You find the name of someone you know is a good student. You cannot read his grade but you can copy his grade to yours: encryption does not stop this."
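The grade-copying problem described above, as an added example that is not part of the original article: encryption alone accepts a ciphertext moved from one student's row to another, while a MAC computed over the student ID together with the ciphertext rejects it. The record layout, names, keys and the SHA-256 counter-mode stand-in cipher are assumptions made so the sketch runs on the standard library; a real system would use a vetted authenticated-encryption mode with the student ID as associated data.

```python
import hashlib, hmac, os

ENC_KEY = os.urandom(32)  # constructed demo keys, not from the article
MAC_KEY = os.urandom(32)

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), used only to keep the demo stdlib-only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(grade: str) -> bytes:
    nonce = os.urandom(16)
    pt = grade.encode()
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(nonce, len(pt))))

def decrypt(blob: bytes) -> str:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def _tag(student_id: str, blob: bytes) -> bytes:
    # The MAC covers the row owner as well as the ciphertext, binding the grade to its row.
    # Assumes student IDs never contain a NUL byte, so the separator is unambiguous.
    return hmac.new(MAC_KEY, student_id.encode() + b"\x00" + blob, hashlib.sha256).digest()

def seal(student_id: str, grade: str) -> bytes:
    blob = encrypt(grade)
    return blob + _tag(student_id, blob)

def open_sealed(student_id: str, sealed: bytes) -> str:
    blob, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _tag(student_id, blob)):
        raise ValueError(f"integrity check failed for record {student_id!r}")
    return decrypt(blob)

def demo():
    # Encryption only: a value copied between rows decrypts without complaint.
    weak = {"alice": encrypt("A"), "bob": encrypt("D")}
    weak["bob"] = weak["alice"]
    copied_grade = decrypt(weak["bob"])
    # Encrypt-then-MAC bound to the student ID: the same copy is detected on read.
    strong = {"alice": seal("alice", "A"), "bob": seal("bob", "D")}
    strong["bob"] = strong["alice"]
    try:
        open_sealed("bob", strong["bob"])
        detected = False
    except ValueError:
        detected = True
    return copied_grade, detected
```

Binding to the student ID stops copying between rows; preventing replay of a student's own older record would additionally need a version or term field inside the MAC input.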