Do I win a prize for being first?!
J Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Friday, July 23, 2010 11:14 AM To: NT System Admin Issues Subject: New SunPoll - Why no Internet Security Awareness Training? And here is the new SunPoll: In your organization, is end-user Internet Security Awareness Training (ISAT) done regularly? - Yes, that is Policy here, and most get mandatory (semi)-annual ISAT. - I send friendly emails regarding latest threats, scams, phishing, etc. - They do not see the quantifiable ROI, so no budget for ISAT, unfortunately - There is no one to manage the ongoing process of end-user security training - They assume people already know, and nothing is done about it - Other (email me at feedb...@wservernews.com) Vote here, Bottom Right. Going to be interesting what the percentages are! http://www.sunbeltsoftware.com/ ________________________________ From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, July 22, 2010 3:50 PM To: NT System Admin Issues Subject: Re: Why no Internet Security Awareness Training? Many good responses have been provided thus far, but it comes down to the following for many organizations: * Training of all sorts become early casualties of budgets. If there aren't enough reasons from a Senior Management standpoint to have that sort of training, it won't happen * Organizations assume that people know. * Organizations forward emails or links about the subject and assume that this is good enough * They don't hire someone who will manage the ongoing process of end-user security training, or they relegate it to someone with 19 hats who won't have the time to do it justice. * There's a whole lot more than just security training that they're not doing -- sometimes including security itself. Security costs, but good security prevents more debilitating costs. Some organizations just don't get that yet. -ASB: http://XeeSM.com/AndrewBaker On Thu, Jul 22, 2010 at 10:55 AM, Stu Sjouwerman <s...@sunbelt-software.com> wrote: Guys, I'm writing a editorial in WServerNews about something I have observed. The vast majority of organizations do not train employees on even the basics of Internet Security. How not to get phished, not to get scammed, don't click on something you shouldn't. Most of us get mandatory sexual harassment training once a year. Why not training on being secure on the net? What do you think is causing this, especially with moving things in the cloud? Interested in your input. Warm regards, Stu .. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
