I read this article (Surviving an Insecure Cyber Workforce) this morning about “the user” (and was once more disappointed – initially). They talk about the importance of awareness, the technology to make sure that the user does not access anything outside their business needs and only well audited etc. and at the very, very end they talk about “Keep it Simple”.
In my humble opinion, this is wrong. It is the other way around. The user has to be the center of gravity. Security delivers a service to the user! This has to be the mindset. How can we support the user to do their job in a secure and safe way? Why did encryption never really take off? Do you really think it is because the technology needs to improve? Yes, but not with the algorithms; it is the user interface, the user experience, which needs to get much, much better. If my mom is able to exchange a mail and/or data in a secure way with any third party, I guess she will. That’s the problem in my opinion.