Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Tue, 16 Mar 2010 11:22:29 -0400
Hi All: So I read this right after I read the FBI IC3 Report that shows the amount of dollar loss in the U.S. doubling from 2008 - 2009 (265m to 559m) - and yes, I know there are a lot of variables and intangibles in those numbers please don't respond yet again with those citations ; the bottom line is that these ARE large numbers of reported loss. Then I read the blog on Dr. Hurley's paper and once again just have to shake my head and wonder when we are going to get it as a society. I'm not going to rant or go on for a long time - I'll just say this: I bet when the end users are held 100% liable for ALL the money they lose or freely give to blackhats by not following good security practices that we will then see a shift in how much interest and participation they take in using the safe-guards we've been asking them to use for years. (right now financial institutions are accepting a lot of the $ loss; however, that is already starting to change). Allison - don't get me wrong I enjoyed the read and definitely appreciated you posting it as it does a great job at providing insights into different (non-security) thought processes. - Kevin Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified Assistant Vice President, Information Security & Special Projects University of Cincinnati 513-556-9177 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allison Dolan Sent: Tuesday, March 16, 2010 11:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Are users right in rejecting security advice? A rather provocative column re: the cost/benefit of many pieces of security advice. Some points worth considering when planning security awareness training... http://blogs.techrepublic.com.com/security/?p=3275&tag=nl.e036 ......Allison Dolan (617-252-1461)
Current thread:
- Are users right in rejecting security advice? Allison Dolan (Mar 16)
- <Possible follow-ups>
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 16)
- Re: Are users right in rejecting security advice? Stanclift, Michael (Mar 16)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 16)
- Re: Are users right in rejecting security advice? Russell Fulton (Mar 17)
- Re: Are users right in rejecting security advice? Valdis Kletnieks (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Valdis Kletnieks (Mar 17)
- Re: Are users right in rejecting security advice? Vik Solem (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Joe St Sauver (Mar 17)
(Thread continues...)