Face-off: Is end-user education worth the effort?

Face-off: Is end-user education worth the effort?

Face-off: Is end-user education worth the effort?

Date: Apr 29, 2010

Extensive end-user education has been touted as an information security best practice by some, and as a gigantic waste of time by others. Does pouring time, effort and money into making users security savvy really pay off?

In this face-off, security experts Hugh Thompson, Founder of People Security and Program Committee Chair of the RSA Conference, and Adam Shostack, co-author of The New School of Information Security, discuss whether user security awareness training is really worth it.

More on Security Awareness Training and Internal Threats-Information

  • canderson

    Insider threat prevention may demand more spending

    VIDEO - Video: Randy Trzeciak of Carnegie Mellon University suggests preventing insider threats may require more spending because they pose a greater risk than most external threats.
  • canderson

    Non-malicious insiders: The biggest insider threat of all?

    VIDEO - Video: Insider threats expert Randy Trzeciak explains why non-malicious insiders, particularly developers, pose as much risk to an enterprise as intentionally malicious insiders.
  • canderson

    Insider threat prevention controls to thwart data breach incidents

    VIDEO - deo: Randy Trzeciak reviews recent data breach incidents and details the insider threat prevention controls that may have thwarted those attacks.
  • social engineering attack surface

    Definition - Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful. The social engineering attack surface is the totality of an individual or a staff’s vulnerability to trickery.
  • Android vulnerability highlights Google's controversial patch policy

    News - WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices.

    ( Jan 19, 2015 )

  • Cybersecurity awareness can reduce infection risk up to 70%

    News - A new study from Wombat Security and Aberdeen Group shows that boosting cybersecurity awareness and education among employees can reduce enterprise security risks and cost.

    ( Jan 14, 2015 )

  • social engineering

    Definition - Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
  • Despite skeptics, security awareness training for employees is booming

    News - Employee security awareness training has been derided in the past, but new Gartner research suggests that a market of competitive, high-quality vendors are making security awareness a must-have.

    ( Nov 04, 2014 )

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: