The whole article seems based on the premise that IT asks for end user security training because they are looking to dodge blame, not, you know, as part of a more comprehensive Security process which includes automation processes and layered defense.
It's like saying you shouldn't lock your car because they could just break a window to get in, you should hire a security guard that sits in your car while you are not there.

Steven Peck
http://www.blkmtn.org

On Wed, Jul 18, 2012 at 3:08 PM, Ben M. Schorr <[email protected]> wrote:

> I agree with Andrew completely.
>
> The premise of the article is flawed – nobody is doing security training
> INSTEAD of securing critical files or perimeter defenses. The fact remains
> the users SHOULD have at least some training to help boost their security
> awareness.
>
> No level of “perimeter defense” saves you when a bad guy calls your end
> user on the phone and gets them to tell their password. What saves you
> there is a user who is smart enough to refuse to give their password to
> strangers over the phone.
>
> And that too often takes training.
>
> Ben M. Schorr
> Chief Executive Officer
> ______________________________________________
> Roland Schorr & Tower
> www.rolandschorr.com
>
> From: Andrew S. Baker [mailto:[email protected]]
> Sent: Wednesday, July 18, 2012 13:06
> To: NT System Admin Issues
> Subject: Re: Dave Aitel on end user security training
>
> I think that the comments were far more instructive than the article
> itself.
>
> >>I'll admit, it's hard to find broad statistical evidence that
> supports this point-of-view
>
> I've seen marked improvement in internet behavior in 3 different
> organizations where I was able to implement security awareness training.
> We went from more than 60% clicking on things they shouldn't, to less than
> 5% based on monthly testing. This had a very tangible benefit in security
> remediation, which saved tons of time and effort.
>
> I submit that if your security awareness training isn't working, then it's
> the specific implementation of training that should be evaluated, not the
> entire concept of training.
>
> ASB
> http://XeeMe.com/AndrewBaker
> Harnessing the Advantages of Technology for the SMB market…
>
> On Wed, Jul 18, 2012 at 3:43 PM, Kurt Buff <[email protected]> wrote:
>
> I must say, I have to agree, for most business cases
>
> http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness
>
> OTOH, I don't think you have much alternative when dealing with family
> and friends - training is pretty much all there is.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
