Hi! On Tue, Sep 30, 2003 at 04:09:51PM +1000, Chris Cozad wrote: > To actually get users to attend this level of training would be > fantastic. Our jobs would be so much easier. But it just aint > gunna happen in the real world. It is definitely up to us, as > security professionals, to effectively "idiot proof" our > systems, so that users only need to know some basic security > rules.
Unfortunately, there's always the security/convenience-tradeoff, i.e. it's quite difficult to design a system / software that's both very secure and very convenient at the same time. Not to mention trying to achieve that for existing systems, especially after people already got used to them. Ciao Thomas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
