RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
From: Ron DuFresne (dufresne_at_winternet.com)
Date: 09/30/03
- Previous message: Michal Zalewski: "RE: [Full-Disclosure] Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly"
- In reply to: Paul Schmehl: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
- Next in thread: Dan Stromberg: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Schmehl <pauls@utdallas.edu> Date: Tue, 30 Sep 2003 05:00:21 -0500 (CDT)
> No, I meant proper security training. Is that so hard to understand?
> Regardless of the OS, every user should know how and why to patch. Every
> user should understand what social engineering is, how to detect it and
> what to do about it. Every user should understand physical security,
> locking your workstation, why you should logout and when, etc., etc. Every
> user should understand the basics of malicious code, how to spot it, what
> to do about it, how to recognize hoaxes, where the resources are when they
> need help.
>
> Without user training and an educated user community, no security program
> can ever hope to succeed.
>
Which I find too often is a top down failure, to provide even the proper
documentation on policies and corporate guidlines. You'd be surprised
how many times I have poked up the ladder at those supposedly tasked to
provide concrete documents to guide various groups, from admins and
network engineers to end users and system setup specialists, to find that
the information to point others at does not exist, and though planned for
the last two years to be completed, is *not* at present priority. Of
course everytime I clime that ladder, all hell breaksout as someone gets
pissed their lack of responsibility has been called into accountable
inactivity. And far too often the damned messenger gets shot, almost
makes one feel like the boarders and handguns of Texas reaches the east
coast...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Michal Zalewski: "RE: [Full-Disclosure] Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly"
- In reply to: Paul Schmehl: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
- Next in thread: Dan Stromberg: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
