Full Disclosure mailing list archives
Re: Is user education a lost cause?
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 20 Jan 2004 17:11:56 -0600 (CST)
[SNIP]
I think one of the "security community's" basic responsibilities is to educate users and to never give up on educating users. After all, one of the most important parts of our job is writing policy, is it not? If that's true, and yet we don't believe users can be educated, then why is policy writing so important?
So one can claim the proper need to lart severly that person that opend his 6th copy of e-mail that day containing the same virus that his tem copies of e-mail the day before infefcted half his co-workers with yesterday. pebcak might well predate dos.
Obviously it's because we believe that policy can change *most* users. Yes, there will always be some small percentage that are either stupid or combative, but the vast majority just need to understand the risks in order to know how to behave in a secure manner.
Actually no, the vast majority don't really care, it's someone elses job/responsiblitiy/property. I seldom lend out my tools to family or neighbors. I've learned that folks that use something they especially did not have to out of pocket for tend to treat that which is not theirs like it totally lacks any value. It's also why some companies are making their bottom line off training and retraining lusers for other companies. Herding cats is cheaper... I've told my boss many times, if uptime is the most important issue we face, then remove the lusers and I can give some dramatic uptime reports to him in a few months or years. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Is user education a lost cause? Schmehl, Paul L (Jan 20)
- Re: Is user education a lost cause? Ron DuFresne (Jan 20)
- Re: Yes, user education is a lost cause ;-) Tobias Weisserth (Jan 21)
- <Possible follow-ups>
- RE: Is user education a lost cause? WolfgangK (Jan 20)