Educause Security Discussion mailing list archives

Re: Are users right in rejecting security advice?


From: Allison Dolan <adolan () MIT EDU>
Date: Wed, 17 Mar 2010 08:17:09 -0400

Extract from another article re: security awareness: "...If you can
successfully educate users to not accidentally install malware,
you'll immediately eliminate the biggest risk in your environment. Of
course, this is easier said than done. The hackers know this and
count on it..."

......Allison  Dolan (617-252-1461)



On Mar 17, 2010, at 4:18 AM, Russell Fulton wrote:

Part of my daily mantra is that "Security must work for the end
user".  If it does not then they will find ways around it and may
well create far worse problems than the ones we were trying to
fix.  What I mean by 'work' is that the extra effort involved must
be seen as matched to the threat as perceived by the user.  If it
isn't, you have two options: you can adopt a different strategy to
mitigate the threat that has less impact on the user or you can
educate the user to change their perception of the threat.  Both
are perfectly valid approaches.

