Re: [fw-wiz] The home user problem returns

From: Elizabeth Zwicky (zwicky_at_greatcircle.com)
Date: 09/19/05

  • Next message: tbird_at_precision-guesswork.com: "Re: [fw-wiz] The home user problem returns"
    To: "Tina Bird" <tbird@precision-guesswork.com>
    Date: Mon, 19 Sep 2005 12:43:08 -0700
    
    

    On Sep 13, 2005, at 12:23 PM, Tina Bird wrote:
    > i disagree. i don't know *anyone* who willingly makes a fundamental,
    > significant change in their behavior without pain as a motivator.

    On the one hand, I agree with Tina -- people change their OWN
    behavior based on their OWN pain. On the other hand, this insight
    leads people to some terrible attempts at training, because people
    (dogs, cats, octopus, anything with a brain of reasonable size)
    do not respond effectively to imposed pain. Positive training
    methods always work better on long-term measures.

    Why is this relevant in security? Because the principal problem
    is NOT that people don't feel pain when they screw it up -- it's
    that there's absolutely no reward for doing it right (in fact,
    it often causes pain itself). If more secure solutions were
    faster, nicer, more fun OR cheaper in practical terms, we
    wouldn't have the problems we do. Asking people to choose
    long-term lack of pain over immediate reward is like asking
    water to flow uphill. It can be done, but it's an awful
    lot of work...

    As long as you're working on increasing the pain for bad
    security and making it happen faster, you're still
    working on doing things the hard, ineffective way. If
    you can get a reward for good security, then you're
    working with the flow. If you want people to patch
    their systems, show an interesting video clip only
    available during patch downloads. Or whatever.

            Elizabeth Zwicky
            zwicky@otoh.org

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: tbird_at_precision-guesswork.com: "Re: [fw-wiz] The home user problem returns"

    Relevant Pages

    • Re: [fw-wiz] The home user problem returns
      ... >>do not respond effectively to imposed pain. ... > administrators and their ... i start by describing it as a reward system for proper ... What is the reward for a home user to participate in security, ...
      (Firewall-Wizards)
    • Re: [fw-wiz] The home user problem returns
      ... Tina, if I didn't know better, I'd conclude that security is driven by ... I have an entirely different take on pain versus reward than this thread ... > as a reward system for proper configuration, ...
      (Firewall-Wizards)
    • RE: [fw-wiz] The home user problem returns
      ... > Just to be clear, I don't mean pain forced upon someone, I mean pain ... carrot, meet stick. ... and deciding that endpoint enforcement was ...
      (Firewall-Wizards)
    • Re: motor emulation, modularity, feedback, prediction, and dreams
      ... in the form of pain and other sensory receptors. ... all pulses which came in input A to output x, ... time it did the right thing, and otherwise, not reward it. ... sets the nodes desired pulse ratio output. ...
      (comp.ai.philosophy)
    • Re: [fw-wiz] The home user problem returns
      ... > do not respond effectively to imposed pain. ... the security community makes this very clear ... There are pieces of low hanging fruit that can be had by vendors. ... are more amenable to change by introducing more carrots into the mix. ...
      (Firewall-Wizards)