Penetration Testing mailing list archives
RE: Enterprise Trainaing Programs
From: Christine Kronberg <seeker () shalla de>
Date: Thu, 8 Jun 2006 23:51:58 +0200 (CEST)
On Wed, 7 Jun 2006, Michael Scheidell wrote: *snip*
Would you believe spammers dumb enough to send spam to the MESSAGE ID because it looked like a valid email address? But I digress....
A bit offtopic, but: the answer is yes. Spammers are dumb enough to do that. I've found entries in my mail logs indicating just that. Anyhow, there are better ways to protect oneself against spam; there is no need for forging the own email address. [OP:]
My questions: What are aother large companies doing for training of the user base?
It depends. Some have awareness programs (half day lectures) every six months as a must for the employees. I saw others just giving an intro to the new guys and that's it. The latter is, of course, not recommended. There is only one large company I know of that has invested lots of money in regular awareness lectures and cbts. But then, they also modified their coporate culture to reflect the security concern. From the top management to the bottom. They talk very open (internally) about security topics. Without that, I don't think that whatever you choose to create and maintain security awareness is going work. If the top management does not take security serious, the employees won't do that either. It's a management process, technic and tools come second. Cheers, Christine Kronberg. ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Enterprise Trainaing Programs mail (Jun 05)
- Re: Enterprise Trainaing Programs Dietrich Heusel (Jun 07)
- Re: Enterprise Trainaing Programs Martin W. Freiss (Jun 07)
- Re: Enterprise Trainaing Programs killy (Jun 07)
- <Possible follow-ups>
- Re: Enterprise Trainaing Programs mikejones (Jun 07)
- RE: Enterprise Trainaing Programs Michael Scheidell (Jun 07)
- RE: Enterprise Trainaing Programs Christine Kronberg (Jun 08)
- RE: Enterprise Trainaing Programs Michael Scheidell (Jun 12)