LOGBOOK

HELP

Quiz Entry - updated: 2026.05.28

Why is the human ("the factor between screen and keyboard") described as both the biggest risk and the biggest protection in information security?

The same person who clicks the malicious link can also be the one who spots and stops the attack — so awareness decides which one they are.

Technology and processes can only go so far; a human ultimately decides whether to open the attachment, reuse the password, or question the suspicious call. That makes people:

  • The biggest risk — they're convenient, can't oversee everything, dislike rules, want the newest thing, "know it all," and often only "learn by suffering."
  • The biggest protection — an alert, trained employee catches what filters miss (a well-crafted spear-phish, a tailgater, a dodgy USB stick).

Why awareness is the lever: you can't patch a human, but you can train one. The whole point of awareness work is to move people from the risk column to the protection column.

Tip: Most real breaches start with a person, not an exploit — which is why "the human firewall" is a genuine control, not a slogan.

From Quiz: ISF / Awareness & the 5S Model | Updated: May 28, 2026