funsec mailing list archives
Re: Security unawareness
From: <michael.blanchard () emc com>
Date: Thu, 19 Jul 2012 16:16:05 -0400
Can I get an AMEN brothers and sisters!!!

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
32 Coslin Drive
Southboro, MA 01772

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Thursday, July 19, 2012 3:25 PM
To: funsec () linuxbox org
Cc: infosecbc () yahoogroups com
Subject: [funsec] Security unawareness

I really don't understand the people who keep yelling that security awareness is no good. Here's the latest rant:

http://www.pcworld.com/businesscenter/article/259461/why_you_shouldnt_train_employees_for_security_awareness.html

The argument is always the same: security awareness is not 100% foolproof protection against all possible attacks, so you shouldn't (it is morally wrong to?) even try to teach security awareness in your company.

This guy works for a security consultancy. He says that instead of teaching awareness, you should concentrate on audit, monitoring, protecting critical data, segmenting the network, access creep, incident response, and strong security leadership. (If we looked into their catalogue of seminars, I wonder what we would find them selling?)

Security awareness training isn't guaranteed to be 100% effective protection. Neither is AV, audit, monitoring, incident response, etc. You still use those things even though they don't guarantee 100% protection. You should at least try (seriously) to teach security awareness. Maybe more than just a single 4 hour session. (It's called "defence in depth.")

Tell you what: I'll teach security awareness in my company, and you try a social engineering attack. You may hit some of my people: people aren't perfect. But I'll bet that at least some of my people will detect and report your social engineering attack. And your data isolation won't.
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Often the best way to win is to forget to keep score.
- Marianne Espinosa Murphy
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Security unawareness Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 19)
- Re: Security unawareness michael.blanchard (Jul 19)
- Re: Security unawareness rackow (Jul 19)
- Re: Security unawareness michael.blanchard (Jul 19)