RE: The home user problem returns

["Sanford Reed" <sanford.reed () cox net>]

Let's see, can we compare this to something else say the disaster that
befell a certain southern US region.

How long did the locals and the US Army Corps of Engineers rant that the
next 'big' Hurricane would cause mass destruction and total flooding in New
Orleans? Was it something like 10 years and how long did Congress and others
ignore them? I'm guessing about 10 yrs. I think the message has finally
gotten thru and I think it takes a similar level of 'pain' on the individual
level to get thru to the end users. 

BUT just because it appears that a large portion aren't listening we can not
give up the RANT (opps that's Education) because unfortunately that
threshold of individual 'pain' differs with each End user. However as more
and more have to rely on a PC in their work environment the more sensitive
those end user will get and the lower the point of 'pain' will become.

Sanford Reed 
(V) 757.406.7067
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Tina Bird
Sent: Tuesday, September 13, 2005 3:24 PM
To: 'Mason Schmitt'; 'R. DuFresne'
Cc: 'Marcus J. Ranum'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] The home user problem returns


> It seems that there are two primary ways in which people 
> change.  Either
> they make a conscious choice to change prior to a problem 
> getting out of
> hand (requires knowledge that there is an impending problem and
> knowledge of how to avoid the problem) or they endure more 
> and more pain
> until they are forced to look at the problem and finally make 
> a choice.

i disagree. i don't know *anyone* who willingly makes a fundamental,
significant change in their behavior without pain as a motivator. for every
example of your first category that you can present, i can *probably*
demonstrate that the "apparent" change is really an example of the person
behaving consistently with some deeper part of their personality, which
isn't changing.

i think it's human nature to resist change altogether unless some sort of
pain - personal, physical, financial - motivates them. it's why carrot and
stick works so well as a way to influence behavior. 

so for me, the question is, how do we influence the *consequences* of badly
configured or managed machines - wherever they are, on corporate networks or
the internet - in order to create the change we want? how do we create a
beneficial sort of pain?

when i'm dealing with my relatives, i just change the configuration of their
computer when i'm visiting. that's not exactly a motivator, but hey, their
machines are fully patched :-)

it's why i'm so interested in NAC and NAP and other sorts of enterprise
technologies that let me use network connectivity as the bribe to get
machines configured the way i want them. i'm creating pain for the end user
by not letting them get to the web without doing what i want - the height of
security admin arrogance, i'm sure, but i try to be reasonable in my
expectations.

cheers - tbird

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards