4 posts • joined Wednesday 8th April 2009 16:32 GMT
Cool down Anonymous Coward. I'm in the trenches like most everyone else - no manager here.
I just see time and time again that people just don't get it unless you slap them over the head with it again and again in a number of different ways.
You can't go at this in a willy-nilly way because it can quickly become a big waste of $$$. You need to put together some ongoing training plan to evolve the organization from being clueless into security-aware. That way you minimizing your changes of getting 0wned.
By the way, I hate you too. :)
No Scripting for You
Like I said on another post reporting the same thing ... "Scripting just needs to be off by default with a whitelist of known good sites. Users can then customize the whitelist to their own needs ... sort of like NoScript ... except I don't think NoScript works for Adobe products." I'd like to add that maybe alternative readers could also help - e.g., FoxIt. A little bit of variety makes it a little harder to get mass 0wnage at least.
It All Comes Down to User Awareness Training
Although this article brings up a lot of good points, I think one thing they are missing is continual user awareness training. Many security lapses, including blabbing sensitive information on social networking sites, are caused by unwitting users that just don't know any better. After major security events, most organizations take "diet" approach where everybody is trained and brought up to speed on the latest ways to avoid problems. Organizations need to instead make a lifestyle change and learn to "eat right" by investing in and managing a comprehensive security awareness program.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Microsoft: Don't listen to 4chan ... especially the bit about bricking Xbox Ones
- Shivering boffins nail Earth's coldest spot
- Exploits no more! Firefox 26 blocks all Java plugins by default