On Mon, Oct 26, 2009 at 01:50:26PM +1100, Les Bell wrote: > That's probably true, but if user screwups account for, say, 90% of > breaches, then if half the users clean up their act, that will account for > a 45% improvement in the situation?
That's a wildly optimistic projection. And this in turn is why any security strategy that depends on user education/cooperation has already failed. Completely. It's prudent to presume that one's users are at best utterly incompetent, at worst actively malicious, and design accordingly. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
