That’s right, I am here to tell you that, hands down, HIPS is the most important tool for mitigating corporate security risks. Many of you may be thinking that a Host Intrusion Prevention System (HIPS) is a critical component of an organization’s information security practice, but certainly not the ultimate solution. If you are thinking this, you are correct – Host Intrusion Prevention is not the ultimate solution. What I am referring to is the Human Intrusion Prevention System.
Every good and effective security practice starts and ends with a human element. Security must begin by people within the organization defining threats, the likelihood of compromise and the cost associated with a given compromise. Everything else that the organization does to mitigate risk should be enforced and validated at periodic intervals by someone within the organization, or by a trusted third party with knowledge and experience. Technology certainly plays a key role in supporting an organization’s security processes, but only when implemented, monitored and supported by knowledgeable people who are aware of the risks to the organization. This means that both security administrators and end users should be provided with security-related training commensurate with their job role and access to confidential data. End users are perhaps the most critical component of an organization’s security practice. As unlikely as it may sound, a significant number of data breaches have occurred as a result of someone simply discarding confidential data into the nearest waste basket.
A well-rounded security practice addresses the organization’s people, operations and technology… just ask infamous social engineer and hacker, Kevin Mitnick. All three facets must be properly developed and supported by well-trained and knowledgeable people.