PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
April 2006

Face-Off: Schneier, Ranum debate security awareness training

Marcus Ranum Point When I first got started in computer security, I spent half of my time trying to educate users. I repeatedly warned them, "Don't open attachments from strangers. Choose good passwords. Don't believe everything you read in an e-mail." Security practitioners have shouted themselves hoarse trying to educate users. But has it helped? Obviously, no: Phishing scams are still raking in money, viruses are still spreading, and countless users continue to use their cat's name as a password for their online bank account. In fact, it looks like the situation is getting worse rather than better. The demographics of computing guarantee a constant influx of inexperienced users, each one representing a potential finger poised to click "OK" on the button that releases a Trojan into your network. Why are we still bothering trying to educate them? They aren't learning and they won't learn, so the payoff for user education appears to be near zero. While the average user's attitude concerns me, what really scares me is the ...

Access this PRO+ Content for Free!

Features in this issue

  • Get a Grip!

    MOBILE SECURITY Enterprises need to take control of PDAs, smart phones and other mobile devices to ensure corporate security.

  • Transit Safety

    BITS & BOLTS SSL-encrypted tunnels protect sensitive data traveling the Information Superhighway.

  • E-mail Security

    Tumbleweed's MailGate 5500

Columns in this issue