Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions)

From: "Piazza, John" <jpiazza () ITS UAB EDU>
Date: Thu, 27 Feb 2003 11:14:53 -0600
Very well said, Randy - especially when you consider about 75-80% of
security is policy/education and training - IMHO.
John



John Piazza
Data Security Officer/HIPAA Compliance Officer
The University of Alabama at Birmingham
205-975-0842

-----Original Message-----
From: Randy Marchany [mailto:marchany () VT EDU]
Sent: Thursday, February 27, 2003 10:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Spaf did not receive your email (was Re: [SECURITY]
Job Descriptions)


But, it means that I have to have my virus patterns updated very often

(which

happens automatically), and we also have Antigen from Sybari on our
Exchange servers, so 99.9% of the emailed viruses never make it to my
desktop.


So do we but I have copies of Trojan programs that still pass through AV
filters undetected. We should never forget the trojan threat. That's why I
fear the Office attachments.

I have long said that users need to get a "Network Drivers License" before
they get on the net. Nothing fancy, just basic awareness and good practices.
The DMV model proves that a highly complicated piece of technology (a car)
can
be used safely by the general populace once they pass a "driving" test. Why
not do the same for people who use computers? There are car freaks who can't
resist twiddling under the hood and there are people who just want the thing
to start and get them to where they're going. Same with computers. Everyone
knows to lock their car, keep the keys in a safe place, be careful who you
lend the car to and yes, get the occasional speeding ticket. Why not the
same
for computers?
Yeah, people drive w/o licenses, the net shouldn't be regulated (I've heard
all of this before) but the CONCEPT of raising user awareness before use
isn't
that hard to grasp. We're spending too much time on the details of security
and ignoring user education. Let's take a lesson from the DMV.

Just my .02.

        Randy Marchany
        VA Tech IT Security Lab
        VA Tech Computing Center
        Blacksburg, VA 24060
        540-231-9523
        marchany () vt edu
        http://security.vt.edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: