Security Management Strategies for the CIOAccess "Face-Off: Schneier, Ranum debate security awareness training"
This article is part of the April 2006 issue of Security survivor all stars explain their worst data breaches
Marcus Ranum Point When I first got started in computer security, I spent half of my time trying to educate users. I repeatedly warned them, "Don't open attachments from strangers. Choose good passwords. Don't believe everything you read in an e-mail." Security practitioners have shouted themselves hoarse trying to educate users. But has it helped? Obviously, no: Phishing scams are still raking in money, viruses are still spreading, and countless users continue to use their cat's name as a password for their online bank account. In fact, it looks like the situation is getting worse rather than better. The demographics of computing guarantee a constant influx of inexperienced users, each one representing a potential finger poised to click "OK" on the button that releases a Trojan into your network. Why are we still bothering trying to educate them? They aren't learning and they won't learn, so the payoff for user education appears to be near zero. While the average user's attitude concerns me, what really scares me is the apparent failure of user education to... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Secure Reads: The Database Hacker's Handbook
Read a review of The Database Hacker's Handbook.
-
Recent Releases: Security product briefs, April 2006
Read about security products released in April 2006.
-
Transit Safety
BITS & BOLTS SSL-encrypted tunnels protect sensitive data traveling the Information Superhighway.
-
Security Survivor All-Stars
COVER STORY Five security survivors tell you how to outwit, outplay and outlast the bad guys.
-
Antispyware / Patch Management
Shavlik Technologies' NetChk Protect 5.5
-
Secure Reads: The Database Hacker's Handbook
-
-
Security Device Testing
Karalon's Traffic IQ Pro 1.0
-
Get a Grip!
MOBILE SECURITY Enterprises need to take control of PDAs, smart phones and other mobile devices to ensure corporate security.
-
E-mail Security
Tumbleweed's MailGate 5500
-
Hot Pick: F5 Network's FirePass 4100 Controller
F5 Network's FirePass 4100 Controller
-
Access Security
KoolSpan's SecurEdge
-
Security Device Testing
-
Columns
-
Ping: Jane Scott Norris
Jane Scott Norris
-
Face-Off: Schneier, Ranum debate security awareness training
Is User Education Working?
-
Editor's Desk: The power of one
Tribal Council
-
Perspectives: Putting out a call for self-defending clients
by M. W. Meyer & Eric Sager, Contributors
Network perimeter defenses have crumbled. What we need now are self-defending clients.
-
Ping: Jane Scott Norris
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...