I agree with Andrew completely. The premise of the article is flawed - nobody is doing security training INSTEAD of securing critical files or perimeter defenses. The fact remains the users SHOULD have at least some training to help boost their security awareness.
No level of "perimeter defense" saves you when a bad guy calls your end user on the phone and gets them to tell their password. What saves you there is a user who is smart enough to refuse to give their password to strangers over the phone. And that too often takes training. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com<http://www.rolandschorr.com/> From: Andrew S. Baker [mailto:[email protected]] Sent: Wednesday, July 18, 2012 13:06 To: NT System Admin Issues Subject: Re: Dave Aitel on end user security training I think that the comments were far more instructive than the article itself. >>I'll admit, it's hard to find broad statistical evidence that supports this >>point-of-view I've seen marked improvement in internet behavior in 3 different organizations where I was able to implement security awareness training. We went from more than 60% clicking on things they shouldn't, to less than 5% based on monthly testing. This had a very tangible benefit in security remediation, which saved tons of time and effort. I submit that if your security awareness training isn't working, then it's the specific implementation of training that should be evaluated, not the entire concept of training. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Wed, Jul 18, 2012 at 3:43 PM, Kurt Buff <[email protected]<mailto:[email protected]>> wrote: I must say, I have to agree, for most business cases http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness OTOH, I don't think you have much alternative when dealing with family and friends - training is pretty much all there is. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
