When you are talking about security breaches be careful enough not to involve "Mutual exclusivity". Everything here can either be an option or party that can be used in any combination. Its a matter of relevant solution for a potential attack method,in a dynamic environment .We need trigger(sensors) to alert before something has happened or to minimize damage(stop a process). Social engineering(IT) is as very complex as any normal social life and need more long term and robust approaches.We are having so many social scams, pyramids, con-men in our streets ..yet we cant avoid strong doors & windows,electric fences,CCTV,alarms systems,traps, ..and yet we need arming our selves with firearms,machetes,paper sprays etc for those who choose violent ways. We have all spectrum of attacks we need all tools.Automation would reduce things at our hands so that we can spend more time fixing the other side.I don't think you don't need automation to be alerted when the so "called port" is open by an intruder while your fixing social issue within. What a social Engineering you are talking about?Imagine I am just a wanna be hacker and you are a RESPECTED SECURITY CONSULTANT with a big enough customer base.I can visit your website and see your satisfied customers(portfolio) and then plan my move to prove what you are preaching here with automated tools applying to them all at once.Why do you make things go against you and not otherwise? -- Regards, Nicholas Peter.* Kinpro Computers.* *Box:*16954,Arusha. *Tel :*+255 732 972287. *Mobile**:* +255 754 914652 *Email: *kinprocomputers@gmail.com On 8/23/14, Maxwell Sabwa <maxwellsabwa@gmail.com> wrote:

I kind of get what you are on about. I think that in most cases the most serious security breaches are down to social engineering, where someone is fooled into installing a piece of software, opening a port or giving out a password. Winning that battle is probably half of winning the war. I think it has to be a two pronged approach, where you secure the systems using tools and help people avoid being fooled into revealing information to unauthorized persons.

My 2c.