On Sun, 25 Oct 2009 19:23:30 CDT, RandallM said: > Now that I re-read you reply I see where we are not on the same > thought. I said "teach" not pick. Most users start out without > knowledge. If in my network I let them stay that way about safety on > the web I provide then its my fault. Today's user if careless usually > ends up without a usable computer. When I fix'em backup they are dumb > with what happen and soon are tired of it and wants to know how to > prevent it.
Yes, that does work for *some* users. My point is that quite often you get users who *refuse* to play along with the security game, causing issues repeatedly. What you said: > truth is, stupid is stupid does. if my users are stupid then I am to > blame. Users are my best defense or worse enemy, depends on the > training I do Actually believing that statement is true 100% of the time will lead to several things: 1) Massive surprise when a trained-but-still-stupid user leaves the back door open and somebody takes advantage of it. 2) Much heavy drinking while you're still in the denial phase. It's been repeatedly shown that if you restrict yourself to the sort of training you can do and remain employed (no training at gunpoint, etc), you'll be lucky if half of the users retain a significant portion of your message. If you have a training program that actually works more than 90% of the time, let us know - the industry needs whatever secret sauce you're putting into it...
pgp0k8Afh898Q.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
