I'm not prepared to throw IT security awareness training out the window, but I agree with Aitel's position that enterprises should approach security with the assumption that some users will ignore what they were taught.
He writes that "a user has no responsibility over the network," but that may not be realistic in this era. All of my users have a certain responsibility when it comes to protecting the network, just as we all have responsibility for our physical environment. If I'm the last person to leave the office but I don't lock the door, I'm neglecting my responsibilities. I can argue that I'm not the person in charge of facilities, but that doesn't fly. If I'm using an asset--regardless of what that asset is--I have a role in protecting it to the degree that I can. He also says that users "don't have the ability to recognize or protect against modern information security threats any more than a teller can protect a bank." Bad analogy. Bank tellers certainly DO have a role in protecting the bank's assets, such as requiring that customers provide proper ID before handing out cash. John Hornbuckle, MSMIS, PMP MIS Department Taylor County School District www.taylor.k12.fl.us -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 18, 2012 3:43 PM To: NT System Admin Issues Subject: Dave Aitel on end user security training I must say, I have to agree, for most business cases http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness OTOH, I don't think you have much alternative when dealing with family and friends - training is pretty much all there is. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin