Educause Security Discussion mailing list archives
Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions)
From: "Piazza, John" <jpiazza () ITS UAB EDU>
Date: Thu, 27 Feb 2003 11:14:53 -0600
Very well said, Randy - especially when you consider about 75-80% of security is policy/education and training - IMHO. John John Piazza Data Security Officer/HIPAA Compliance Officer The University of Alabama at Birmingham 205-975-0842 -----Original Message----- From: Randy Marchany [mailto:marchany () VT EDU] Sent: Thursday, February 27, 2003 10:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Spaf did not receive your email (was Re: [SECURITY] Job Descriptions)
But, it means that I have to have my virus patterns updated very often
(which
happens automatically), and we also have Antigen from Sybari on our Exchange servers, so 99.9% of the emailed viruses never make it to my desktop.
So do we but I have copies of Trojan programs that still pass through AV filters undetected. We should never forget the trojan threat. That's why I fear the Office attachments. I have long said that users need to get a "Network Drivers License" before they get on the net. Nothing fancy, just basic awareness and good practices. The DMV model proves that a highly complicated piece of technology (a car) can be used safely by the general populace once they pass a "driving" test. Why not do the same for people who use computers? There are car freaks who can't resist twiddling under the hood and there are people who just want the thing to start and get them to where they're going. Same with computers. Everyone knows to lock their car, keep the keys in a safe place, be careful who you lend the car to and yes, get the occasional speeding ticket. Why not the same for computers? Yeah, people drive w/o licenses, the net shouldn't be regulated (I've heard all of this before) but the CONCEPT of raising user awareness before use isn't that hard to grasp. We're spending too much time on the details of security and ignoring user education. Let's take a lesson from the DMV. Just my .02. Randy Marchany VA Tech IT Security Lab VA Tech Computing Center Blacksburg, VA 24060 540-231-9523 marchany () vt edu http://security.vt.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Howell, Paul (Feb 27)
- <Possible follow-ups>
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Piazza, John (Feb 27)