RE: [fw-wiz] The home user problem returns

From: Brian Loe (knobdy_at_stjoelive.com)
Date: 09/14/05

  • Next message: Paul Melson: "RE: [fw-wiz] The home user problem returns" 
    To: "'Scott Pinzon'" <Scott.Pinzon@watchguard.com>, "'Paul D. Robertson'" <paul@compuwar.net>, "'Chris Blask'" <chris@blask.org>
Date: Wed, 14 Sep 2005 09:34:39 -0500

    > -- Educating users has been proven to work at company after company.
    > Help desk calls, viral infections, falling victim to phishing
    > emails, and more, have been quantitatively and demonstrably
    > reduced at companies that institute end-user security training.

    I'm pretty sure I recently saw a GAO report showing NO improvement in at
    least one government agency - with SEVERE security issues.

    >
    > -- And how do you know "it" (educating end users) is not
    > working? We have no before/after comparison on what the
    > Internet would be like if all of us who preach security had
    > stopped five years ago.

    We have a before and after picture in as much as we EVER will be able to.
    You have to look at it like a statistician - you can't query the world
    (though some of us have seemed to of forgotten that we ARE talking about a
    GLOBAL community) but you can look at smaller cross-sections of the world.
    Your company, his ISP, and the like.

    > Am I really the only one on this list who thinks so? Or
    > Marcus, did I misinterpret you?

    I think education still deserves a chance, but lets make it REAL education.
    When you are told to do something you may forget, but when you are told to
    do something, shown how and given the TOOLS to do it with it becomes much
    more difficult to forget.

    As discussed in a previous message, why doesn't my cable or dsl modem come
    with a firewall built into it - and why isn't there documentation on how to
    configure it along with strict settings configured by default? If you REALLY
    want to get proactive, and you're in a position to do so (ISP), that's how
    you make a difference.

    In my view, there's been plenty of education in the preaching variety, what
    we need is teaching.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul Melson: "RE: [fw-wiz] The home user problem returns"

    Relevant Pages

    • Re: Security Education in the Workplace
      ... You said you did threat modelling. ... building better security tests and have them hooked into the master build ... used to approach the education in the workplace, ... This would mean in many cases the materials ...
      (SecProg)
    • RE: User Education (was: New article on SecurityFocus)
      ... Those responsible for the education ... > security relates to their job - about the only time they run into it is ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: Why Easy To Use Software Is Putting You At Risk
      ... So even if you do not want the piece of paper - education never hurts. ... Can Easy To Use Software Also Be Secure ... because DNS does not configure properly or security permissions are ... easier to work with then they use to is developers have created ...
      (Security-Basics)
    • RE: User Education (was: New article on SecurityFocus)
      ... Those responsible for the education ... security relates to their job - about the only time they run into it is ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: [fw-wiz] The home user problem returns
      ... > With the current state of Internet software, ... > We're wasting our breath in general. ... >>User education still needs to happen ... Security" and Paul's "Something About Security". ...
      (Firewall-Wizards)
    • Quantcast