-----Original Message----- From: Derick Anderson [mailto:[EMAIL PROTECTED] Sent: Monday, January 09, 2006 12:26 PM To: [email protected] Subject: RE: New article on SecurityFocus
<snip> I used to believe that if users were trained properly then they wouldn't need anti-spam/virus/spyware/etc. because they'd know better than to do stupid things like click on links to pictures of naked tennis players. <snip> I think this is merely a symptom of a larger issue. The problem IMO is a social one: Users don't care because it's IT's problem to protect the PC's and there are no repercussions at the majority of organizations for moderate exposure/loss of productivity. As Derick states, training to stop these habits can only go so far. In general, people know they shouldn't look at the naked tennis star, but they look anyway. The whole attitude toward the computing resource has to change. To carry the car analogy out, if a worker crashes a company vehicle, there are all kinds of processes--forms to fill out, insurance claims, drug tests, interviews, etc. Repeated incidents would result in suspension of driving privileges and in extreme cases, dismissal if recklessness were involved and documentable. Why is it we as IT people (are permitted/required) to keep throwing new, or even refurbished 'cars' in front of users that keep totaling the ones they have--with no review by the company management? This is a more important question to me than whether to bother training. Training always has at least small gains. Well, that's my $0.02. -- Carey Myers --------------------------------------------------------------------------- ---------------------------------------------------------------------------
