Full Disclosure mailing list archives
RE: [inbox] Re: CyberInsecurity: The cost of Monopoly
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 30 Sep 2003 05:00:21 -0500 (CDT)
No, I meant proper security training. Is that so hard to understand? Regardless of the OS, every user should know how and why to patch. Every user should understand what social engineering is, how to detect it and what to do about it. Every user should understand physical security, locking your workstation, why you should logout and when, etc., etc. Every user should understand the basics of malicious code, how to spot it, what to do about it, how to recognize hoaxes, where the resources are when they need help. Without user training and an educated user community, no security program can ever hope to succeed.
Which I find too often is a top down failure, to provide even the proper
documentation on policies and corporate guidlines. You'd be surprised
how many times I have poked up the ladder at those supposedly tasked to
provide concrete documents to guide various groups, from admins and
network engineers to end users and system setup specialists, to find that
the information to point others at does not exist, and though planned for
the last two years to be completed, is *not* at present priority. Of
course everytime I clime that ladder, all hell breaksout as someone gets
pissed their lack of responsibility has been called into accountable
inactivity. And far too often the damned messenger gets shot, almost
makes one feel like the boarders and handguns of Texas reaches the east
coast...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost ofMonopoly Steve Wray (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Ron DuFresne (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Dan Stromberg (Sep 30)
- <Possible follow-ups>
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 30)