Re: Improving the Security of Windows Platforms

[Gary Flynn <flynngn () JMU EDU>]

> 6. USER EDUCATION AND SECURITY AWARENESS
>
> 6.1 Work with Higher Ed to create effective educational materials to
> increase (a) understanding of what a computer is, and (b) security and
> "good driving" principles.  Written, streaming video, CD-ROM, and DVD
> versions should be available.  A goal is "technology literacy" as well
> as doing the right thing with regard to security and configuration.
> The resulting material should be freely reproducible.

Most importantly, computer operators need to understand the concept of a
program and what it is capable of doing (anything). I know it sounds simple
but there are a lot of people who don't understand. Then follow that up with
where programs can be found and what is involved in trusting them. Without a
strong understanding of that concept, an operator is reduced to a mindless
button pusher and no amount of lists of "safe or unsafe behavior" will be
sufficient as other things change too rapidly. Other important concepts
include:

client
server
use of privileged vs non-privileged accounts

Then, the threat environment must be explained in great detail and with
examples of incidents and repurcussions.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.