On 4/20/2012 6:46 AM, Chris O'Connell wrote:
So Rich, I see your point about enforcement, but how specifically have you
addressed the issues of having passwords on post-its?  I know you mentioned
becoming friends with the users and making security something they care
about (which I agree with), but any other suggestions?

It goes both ways. Just as you want your users to take security seriously, we need to take their wants and needs seriously.

Understand the potential threats that you and your users face. Be flexible. One-size-fits-all security policies ignore users' needs. They also ignore how threats grow and change.

We need to be resigned to the fact that there are users who simply won't care no matter what we say or do. All we can do is isolate and contain what we can and be prepared for the inevitable cleanup. And we can hope that the corollary loss of productivity is a convincing argument.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
