Which of the following is considered the weakest link in a security system?

A.
People

B.
Software

C.
Communications

D.
Hardware

Explanation:
Although society has evolved to be extremely dependent upon technology in the workplace, people are still the
key ingredient to a successful company. But in security circles, people are often the weakest link. Either
accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel
causes more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment
failure. Although the future actions of individuals cannot be predicted, it is possible to minimize the risks by
implementing preventive measures. These include hiring the most qualified individuals, performing background
checks, using detailed job descriptions, providing necessary training, enforcing strict access controls, and
terminating individuals in a way that protects all parties involved.
Incorrect Answers:
B: Software generally does what it is configured to do. It is not considered the weakest link in a security system.
C: It is easy to configure secure communications where they are required. Communications are not considered
the weakest link in a security system.
D: Hardware generally does what it is configured to do. It is not considered the weakest link in a security
system.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 126