User education is like a firewall that lets in 20% of all attack traffic. You could buy one if you want, but I wouldn't spend too much money on it or put very much faith in it. When it comes to, say, Blaster, Mydoom or Code Red getting onto your network, does it really make that much difference if 2000 people click the wrong thing or just 2? Either way, your network is in trouble.
Businesses have been educating users about the same issues [choosing good passwords and email attachment safety] for years if not decades. People are still clicking on email attachments despite being educated on that for years and years in a row. Most of these issues have technical countermeasures [email attachment blocking and password complexity rules], so why bother educating on those issues? With only limited funds for security, might those funds be better spent elsewhere? Security is not always about reducing risk, it can be about accepting risk. It's about studying the cost of threats and comparing that to the cost of countermeasures. It is not always a given that it is in every organization's best interest to educate users. I don't think it's correct to say few people in IT security are educating their users. From my perspective, too much money is spent on user education without thoughtfully evaluating the cost and the effectiveness of that training. I think not enough money is generally being spent on security education for administrators, programmers, management and security staff. kind regards, karl levinson > -----Original Message----- > From: Brady McClenon [mailto:[EMAIL PROTECTED] > > This is the attitude that is rampant in the technology sector > that leads > to the ignorant technology user. > Sure if > you teach 10 people at best probably 8-9 will get it, but > that's better > then having not tried at all. > > Very few people are willing to try to educate their users. > This is why is has been done by now. __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
