Human Element was formed with the goal of improving how organizations defend their critical assets against cyber threats.
Our approach has three components:
Security from the inside out.
We have found that many organizations perform enterprise risk assessments but do not use the results to drive their information security program. Instead they apply ordinary layers of defense that fail to address the organization's greatest vulnerabilities. Organizations commonly try to seal each layer, and, since they've performed a risk assessment, as long as all of their assets are somewhere inside the layers, they think they can declare victory.
But to properly secure an IT enterprise we must be able to distinguish good activity from bad, understand which assets are most important, and which are most susceptible to what kinds of attacks. This is more difficult than simply hardening layers (but surprisingly not more expensive). It just requires better planning, exceptional discipline and a true understanding of what we are protecting and how the attackers operate. Read more about our comprehensive security services.
Human-Based Cyber Defense
This method addresses one of the most susceptible assets at the core of the enterprise: the people. Humans not only design, implement and operate the infrastructure, they also use the infrastructure to do their job. Employers send their employees to security training programs, but still 95% of security breaches are caused by people. This is because training alone will never solve the human vulnerability problem.
Employees are assets just like computers, servers, and applications. Human assets have access to sensitive data and they have vulnerabilities; weaknesses in their knowledge, a propensity for mistakes, and social, cultural and business drivers that take priority over good security practices. It's no wonder that humans are the weakest link in IT security.
Human Element studied the human problem and created a framework for addressing human vulnerabilities. We incorporate this framework into all of our security services. Read more about our Human-Based Cyber Defense solutions.
Shon Harris Security Training
Shon Harris didn't invent information security training. But it's safe to say she has influenced it more than anyone else. Her CISSP books and courses set a standard that others are still trying to follow; and the security industry and its 91,000 Certified Information Systems Security Professionals are better off due to her approach to training. Human Element continues to offer and improve upon Shon's training. A well-trained security workforce is critical to achieving our goal of better cyber defense. Read more about Shon Harris and our Shon Harris Training courses.