A story here proposes, largely jokingly, the idea of adding “Homo sapiens” to a widely-recognized list of the most significant vulnerabilities impacting computers and the networks which connect them.

Even though this is a joke, I wonder if a certain value might not be had by listing it in this fashion, on a widely-used and well-known list like that one. As we’ve already talked about here, the human factor is already one of the weakest links in the security chain, and as computing becomes more and more ubiquitous, the risk is just going to increase.

Although most company policies have a basic nod to this area, is it time to revamp these policies, paying specific attention to the risks associated with social engineering, and increase the training around these issues? I think it is, and I think that listing it in the SANS Top 20 list is actually quite appropriate, and no laughing matter.

Thanks to the DC303 list to calling my attention to this.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours - the best way for Security Leaders to connect with a group of peers each week for a needed shot of energy and actionable insights.