I thought this was a neat article. It challenges standard risk measurement techniques by claiming that we often fail to account for the actions of people. I agree. I think it is easy to look at and mitigate risks based on technology and physical security, but the human element exists everywhere. The writer has five recommendations:
Gather threat intelligence and data about the behavior of your users.
Do not reveal to miscreants how they were detected if you can help it.
Be deliberate in how you publicize risk mitigations in your organization.
Be deliberate in how you share information externally.
Don’t spread FUD (Fear, Uncertainty and Doubt).
As it relates to class, I thought this was a good reminder that fraud always has that human element to it, and just because cyber security involves a lot of technology doesn’t mean that we’re removing human judgement and human decision from our risk scenarios.