[EMAIL PROTECTED] wrote: > >On the other hand....without those dimwits I would be out of > >a job...God > >bless the dill's.. > > Yeah, but with the problems and the stupidity of end users, <snip>
> Make a good list wich people can check for themselves. A > knowledge base > maybe with good understandable descriptions of threats and > info on new > things wich might hit them. If they did not obey the list with checks > they can be hold for ignorant, unhelpful, dumb, or any names you can > think off (still stay polite). Prioritize those people by > filtering who > is helpful and sticks with the rules, and people who are just simply > ignorant and not willing to learn from what you tell them. In > the end > it is their own fault and they have to feel how it is to not being > helped that quick. Good points. I have developed just such a list at our organization. In addition to quickly responding to these individuals when they need help, I take the extra time to educate them in security including conducting voluntary classes, put them on an email list that I keep updating with the latest worms and threats and fixes, and even take extra time to do one-on-one to make them feel part of the team. I have even dubbed our group "the white-hats". In return, they have taken it to heart and have become my un-official deputies, keeping their eyes open for security problems from physical (an unknown person walking around suspiciously or a co-worker pasting their password on a monitor) to informational (notifying me of a virus getting through the gateway filter or being able to access something they know they shouldn't). I have found that my time spent has paid me back in a user base (at least part of it) that has become an asset not a liability, as we often think of them. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
