4 posts • joined 8 Apr 2009
Cool down Anonymous Coward. I'm in the trenches like most everyone else - no manager here.
I just see time and time again that people just don't get it unless you slap them over the head with it again and again in a number of different ways.
You can't go at this in a willy-nilly way because it can quickly become a big waste of $$$. You need to put together some ongoing training plan to evolve the organization from being clueless into security-aware. That way you minimize your chances of getting 0wned.
By the way, I hate you too. :)
It All Comes Down to User Awareness Training
Although this article brings up a lot of good points, I think one thing they are missing is continual user awareness training. Many security lapses, including blabbing sensitive information on social networking sites, are caused by unwitting users that just don't know any better. After major security events, most organizations take a "diet" approach where everybody is trained and brought up to speed on the latest ways to avoid problems. Organizations need to instead make a lifestyle change and learn to "eat right" by investing in and managing a comprehensive security awareness program.
No Scripting for You
Like I said on another post reporting the same thing ... "Scripting just needs to be off by default with a whitelist of known good sites. Users can then customize the whitelist to their own needs ... sort of like NoScript ... except I don't think NoScript works for Adobe products." I'd like to add that maybe alternative readers could also help - e.g., Foxit. A little bit of variety makes it a little harder to get mass 0wnage at least.
Agree but More Is Needed
To some degree this is true; however, MS does need to make the system more secure by default. Also, you have to consider users due to the prominence of social engineering attacks.