Interestingly enough, I happened to get one of those nasty emails at my company the other day: "click here and run this vital update!" things. I forwarded it on to IT and sent a sanitized version to the CTO and VP of HR requesting we start a simple security awareness program. Both responded that they hadn't seen that email. End of discussion. Last night, the VP of HR got the same message and in a panic sent me a quick note, "please advise - how do we block this?". I'm trying again with the security awareness program... again.

Happy Security Awareness Month <http://www.dhs.gov/files/programs/gc_1158611596104.shtm>. And for what it's worth it's also Cephalopod Awareness Day <http://scienceblogs.com/pharyngula/2007/10/its_international_cephalopod_a.php> this month. Which one do YOU think is getting more attention?

Dan

On Mon, Oct 12, 2009 at 5:01 PM, Kennith Asher <[email protected]> wrote:
> I really like Craig's idea of proposing the solution rather than pulling
> the plug. If the boss says no, the scope of change, cost and impact are all
> documented as well. I also like the idea of demonstrating the failure via a
> pen test or via a simple hack.
>
> CYA is personally important but there is nothing at all satisfying about
> losing employment because your company was sunk by a hacker especially if
> you could have done something about it.
>

--
Dan McGinn-Combs, Security+, GSEC, CISSP, CISA
[email protected]
Google Voice: +1 404 492 7532
Peachtree City, Georgia USA

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
