The Human Factor in Compliance
It is easy to assume that deploying a myriad of electronic surveillance technologies (e.g., data leak protection, logging, archiving, firewalls, event data recorders, etc.) is sufficient on its own, providing organizations with a hundred sets of "electronic eyes" constantly watching for breaches of compliance, leaks of intellectual property, rogue employees, and the like.
Yet it is prudent to consider the vast delta that remains between mankind and machine. Even the most advanced computer technology lacks important elements of human judgment. For example, while technology can identify exceptions in logs or behavior, it takes a human to validate whether an anomalous event is due to a tired executive performing large downloads late in the evening, or a rogue employee attempting to circumvent the system to send confidential contract data to an unauthorized external contact.
The old adage, "people, process, and technology" should be integral to your philosophy of compliance. Notwithstanding the promise of expert systems, interpretation of the meaning of events discovered by technology will require human judgment for the foreseeable future. ... David Sengupta