Bank tellers also get extensive training to protect the bank. Try getting a company to pony up for end user security training. I managed to convey it's importance to my upper mgmt, it has certainly paid off as I test them randomly and the failure rate has dropped off considerably. John W. Cook Network Operations Manager Partnership for Strong Families
----- Original Message ----- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, July 18, 2012 04:20 PM To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Subject: RE: Dave Aitel on end user security training I'm not prepared to throw IT security awareness training out the window, but I agree with Aitel's position that enterprises should approach security with the assumption that some users will ignore what they were taught. He writes that "a user has no responsibility over the network," but that may not be realistic in this era. All of my users have a certain responsibility when it comes to protecting the network, just as we all have responsibility for our physical environment. If I'm the last person to leave the office but I don't lock the door, I'm neglecting my responsibilities. I can argue that I'm not the person in charge of facilities, but that doesn't fly. If I'm using an asset--regardless of what that asset is--I have a role in protecting it to the degree that I can. He also says that users "don't have the ability to recognize or protect against modern information security threats any more than a teller can protect a bank." Bad analogy. Bank tellers certainly DO have a role in protecting the bank's assets, such as requiring that customers provide proper ID before handing out cash. John Hornbuckle, MSMIS, PMP MIS Department Taylor County School District www.taylor.k12.fl.us -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 18, 2012 3:43 PM To: NT System Admin Issues Subject: Dave Aitel on end user security training I must say, I have to agree, for most business cases http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness OTOH, I don't think you have much alternative when dealing with family and friends - training is pretty much all there is. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin