Full Disclosure mailing list archives
RE: [inbox] Re: CyberInsecurity: The cost of Monopoly
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 30 Sep 2003 05:00:21 -0500 (CDT)
No, I meant proper security training. Is that so hard to understand? Regardless of the OS, every user should know how and why to patch. Every user should understand what social engineering is, how to detect it and what to do about it. Every user should understand physical security, locking your workstation, why you should logout and when, etc., etc. Every user should understand the basics of malicious code, how to spot it, what to do about it, how to recognize hoaxes, where the resources are when they need help. Without user training and an educated user community, no security program can ever hope to succeed.
Which I find too often is a top down failure, to provide even the proper documentation on policies and corporate guidlines. You'd be surprised how many times I have poked up the ladder at those supposedly tasked to provide concrete documents to guide various groups, from admins and network engineers to end users and system setup specialists, to find that the information to point others at does not exist, and though planned for the last two years to be completed, is *not* at present priority. Of course everytime I clime that ladder, all hell breaksout as someone gets pissed their lack of responsibility has been called into accountable inactivity. And far too often the damned messenger gets shot, almost makes one feel like the boarders and handguns of Texas reaches the east coast... Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost ofMonopoly Steve Wray (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Ron DuFresne (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Dan Stromberg (Sep 30)
- <Possible follow-ups>
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 30)