the following paper discusses both the technical and human factors on security issues: budi arief and denis besnard (2005) technical and human issues in computer-based systems security. centre for software reliability, school of computing science, university of newcastle upon tyne. [available at http://www.dirc.org.uk/publications/techreports/papers/5.pdf] with both the technical and human factors in mind, read the following articles on password management, search and study about patch management, and compose a paper with the topic listed below. other optional resources on passwords schneider, b. (2005). “the curse of the secret question,”. computerworld, retrieved 08/30/07, from the world wide web: http://www.computerworld.com/securitytopics/security/story/0,,99628,00.html rsa security inc. (2005). password whitepaper: “are passwords really free? – a closer look at the hidden cost of password security,”. retrieved 08/30/07, from the world wide web: http://www.rsasecurity.com/solutions/topics/whitepapers/clhc_wp_0804.pdf schneier, b. “two-factor authentication: too little, too late,” inside risks 178, communications of the acm, v. 48, 4, april 2005. retrieved 08/30/07, from the world wide web: http://www.schneier.com/essay-083.html McNulty, E., Lee, J. E., Boni, B., Coghlan, J. P., & Foley, J. (2007). Boss, I Think Someone Stole Our Customer Data. Harvard Business Review, 85(9), 37-50 The Background Readings lists several other articles and reports that speak to both the social and the technical elements in information security, as well as some specific references on the issue of password management. (Remember to cite your sources carefully.) When you''ve read through the articles and at least scanned some of the Background Readings (which are there, remember, for a reason) and perhaps been around the Wiki a bit, please compose a short (ca. 5-7 page) paper on the topic: "How can we avoid having good Internet security technologies compromised by the people who use them? -- Lessons Learned from Password Management and Patch Management" In preparing your paper, you may wish to think about the following issues: • What kinds of problems in Internet security are best addressed with technical solutions? Managerial solutions? • Password management and patch management are particularly problematical, since they require people to do certain things they don''t really want to. Is there anything from the password management literature that might be informative to patch management? • How does the element of risk come into play? How can we effectively factor risks and risk management into our security management? Remember, you do not have to explicitly answer these questions in your assignment. You should think about these questions and then integrate your thoughts into a well-organized answer to the primary question.