A Quick Review of Issues Involving People at
the last issue of NFC, John Guaspari talked about
the importance for teams, facilitators, and managers of
team programs to find ways of working with their
marketing and public relations folks to help
“sell” teams and team benefits to others in
While surfing the Internet looking for the latest
technology news and how it might affect those involved
with teams and quality, we found the Human Firewall
The Human Firewall is an organization that—hold
your breath and wait for the drum roll—wants
everyone to know that people are as important to
information security as is technology; perhaps, even more
So, we have included part of its manifesto here and the
comments of some of its members to give you what we feel
are some valuable resources and arguments that may not
only make life easier with your IT department, but can
also serve as a great introduction for you to show them
how you can help make their life easier and improve the
firm’s information security profile.
The Human Firewall, People, and Participation: An
Excerpt From the Human Firewall Manifesto
“Technology alone can’t solve the challenges
of information security. Management of organizations, in
particular, has tended to view information security as a
technical problem confined to the Information Technology
(IT) department. But to be genuinely effective,
information security needs to become part of the way
everyone conducts his or her daily business, from the CEO
at the top on through the entire organization.
“A Human Firewall is not intended as a replacement
for a traditional technology firewall since both are
necessary to protect information assets. Rather, we must
regard information security as simultaneously a people
issue, a technology issue, and a management issue. The
Human Firewall is simply a shorthand term referring to
the people issues of information security that deserve
more attention than we have given them in the past.
“According to Human Firewall Council Members,
it’s time we all acknowledged a more holistic and
progressive view of information security that
incorporates the human element that is so important to
our success in protecting vital information
© HumanFirewall.Org 2001
Comments posted by signers of the manifesto at the
Human Firewall Web site
(total signatures: 310)
Linda L. Bender
CITGO Petroleum Corporation
Comments: People will perform when they are involved and
are aware of the impact that they
Comments: It’s about time that we all realize that
people, education, and knowledge are just as powerful as
technology—if not more so—in the pursuit of
Rich S. Sheiman
Comments: As a competitive intelligence (CI) firm, we
understand the psychology of careless human disclosure.
Humans are social animals. We like to talk; we seek the
praise of others. Most information loss is inadvertent
and indirect in its path to those who exploit it for
competitive advantage. This is all very intuitive, and
yet most corporations rest the security of their
intellectual property squarely on the shoulders of MIS.
In today’s complex market environment, corporations
need a task force approach to their information security
efforts that involves MIS as well as legal, human
resources, physical security, document control, and other
functions. Most importantly, employees must appreciate
that information is an asset and be trained to support
their company’s information security objectives.
Fancy firewalls are of little value if people don’t
participate in the security process.
Gary G. Swindon
President and CEO
G. Swindon Consulting
Comments: It is no accident that the premier security
organizations, regardless of country, begin and end the
security chain with people.
Dr. E. Douglas Harris
The University of Texas at Dallas
Comments: Thanks for this opportunity to understand how
to make a difference.
Rodney G. Denno
Secure Open Systems Inc.
Comments: Human Firewall neatly captures how
organizations should mobilize and utilize their human
Comments: Protection of critical information systems and
private data begins with humans.
Expert Systems Pvt. Ltd.
Comments: Information security depends on people’s
awareness to the subject and human firewall is doing
great about this.
Information Security Specialist
Republic of Korea
Comments: Among people, process, and technology, people
are the fundamental building blocks of information
Senior Security Consultant
Comments: People are all too often the forgotten but oh
so vital ingredient of security.
Dr. Keith Blacker
Risk Focus Ltd.
Comments: An excellent idea. Making staff (at all levels)
more risk aware is the key, no more so than in the area
of IT security where a little knowledge can be a very
Matthew I. Hackling
Comments: Human Firewall = A Fantastic Endeavor! After
having wide exposure to security in physical, electronic,
and computer security, I can thoroughly agree that
security is developed by:
1. People (make and enforce policy)
3. Procedure (based on policy)
4. Technology (based on procedures)
We must address the level of information security skill
and education in the general community or we will have
the same problems again and again (RTM Internet worm,
Code Red, Nimbda, I Love You, etc.).
Rey R. Dellosa
Information Technology Manager
Comments: Human firewall is the great step for practicing
information security not only inside your company but
also to the outside world. If we just embrace the idea,
we will be having a clearer perspective to what IT
security is all about.
Information Security Officer
Federal Reserve Bank of Cleveland
Comments: The world could use an increase in awareness
that information security is not strictly an IT issue.
Technical solutions to security problems are important,
but are rarely effective without strong security
awareness. This looks like a great initiative.
Marcos E. Rodriguez
President and CEO
Comments: It is high past time that we place reliance on
humans rather than blind faith in technology. Technology
evolves by the second. In a short time, information
technology will not only be a career, but will have to be
common knowledge. Let’s share our resources to
create a more secure technological world.
April 2002 News for a Change