Shouldthe CISSP CBK be expanded to cover "human factors" in security? [1]
Add “HumanFactors” No.[2]
Clearly,human factors are a major component to information security and Gary Hinson presentseffective arguments that they should be established as an additionaldomain. On the other hand, Rob Slademakes an effective argument that the human factors are a significant componentof each of the current ten domains primarily based on his experience teachingthe CBK® to CISSP® aspirants for (ISC)˛®. In full disclosure, I also teach the CBK® to CISSP® aspirants, but notfor (ISC)˛®, but at a local college.
I foundthe discussion interesting in that I have, from the very beginning, found thathuman factors are a significant component to all aspects of security and teachsame when preparing my students for the CISSP® exam. However, almost to a student, I am challengedas to why the emphasis when the varying study materials, place little if anyemphasis upon human factors. As aninstructor Rob and I do not have access to the exam materials and cannot writeexam questions unless we give up our teaching; an understandable restriction by(ISC)˛®.
None-the-less,the human factor is significant and the materials made available by (ISC)˛®make no mention of them. As I examineeach of the ten domains, there is no mention, or even a hint that I can detectin them, of human factors to include their sub-topics as articulated in thedescription for the “
Official(ISC)˛® Guide to the CISSP® CBK®”; which, by the way, is the only locationthat I can find the secondary level mentioned in public. Yes, I know that if I fill out a questionnaireand submit it, that I will get much more; but that is deceitful as I am not acandidate. What is a dedicatedconstituent to do, speculate?
Whileanyone can effectively argue that the “Information Security and Risk Management”domain contains numerous indirect references to the human factor I find itdifficult to infer same in any of the other nine.
It is my position that each of theten CBK® domains should make it clear at the secondary level that “humanfactors” are a significant component.
[1] Gary Hinson, 9 August 2009
[2] Rob Slade, 10 August 2009
More...