Full Disclosure mailing list archives

Re: Is user education a lost cause?

From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 20 Jan 2004 17:11:56 -0600 (CST)


        [SNIP]


I think one of the "security community's" basic responsibilities is to
educate users and to never give up on educating users.  After all, one
of the most important parts of our job is writing policy, is it not?  If
that's true, and yet we don't believe users can be educated, then why is
policy writing so important?


So one can claim the proper need to lart severly that person that opend
his 6th copy of e-mail that day containing the same virus that his tem
copies of e-mail the day before infefcted half his co-workers with
yesterday.

pebcak might well predate dos.

Obviously it's because we believe that
policy can change *most* users.  Yes, there will always be some small
percentage that are either stupid or combative, but the vast majority
just need to understand the risks in order to know how to behave in a
secure manner.


Actually no, the vast majority don't really care, it's someone elses
job/responsiblitiy/property.  I seldom lend out my tools to family or
neighbors.  I've learned that folks that use something they especially did
not have to out of pocket for tend to treat that which is not theirs like
it totally lacks any value.

It's also why some companies are making their bottom line off training and
retraining lusers for other companies.  Herding cats is cheaper...

I've told my boss many times, if uptime is the most important issue we
face, then remove the lusers and I can give some dramatic uptime reports
to him in a few months or years.



Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Is user education a lost cause? Schmehl, Paul L (Jan 20)
- Re: Is user education a lost cause? Ron DuFresne (Jan 20)
- Re: Yes, user education is a lost cause ;-) Tobias Weisserth (Jan 21)
- <Possible follow-ups>
- RE: Is user education a lost cause? WolfgangK (Jan 20)