Security Basics mailing list archives
Re: Security Training for Company's Employee
From: Saqib Ali <docbook.xml () gmail com>
Date: Thu, 22 Sep 2005 10:15:08 -0700
Bruce Schneier wrote in his book: "Many security awareness programs are considered to be worthless by security professional, and I'm inclined to agree with that assessment. In researching the problem, I've discovered that far too many so-called awareness programs are nothing more than speeches informing employees of the consequences of illegal activities. The focus is on employees' misbehaviour and on penalties. Threatening to to fire people caught stealing secrets is not only a waste of time, it's counterproductive. It's no wonder that "security" has such a negative connotation for so many. People learn to fear the word, and they report incident to the department only as a last resort - and sometimes only when they believe they are being set up. ......... Program that focus on penalties do nothing to educate, and that should be the primary purpose of any awareness program." Buy the book < http://www.schneier.com/book-sandl.html > for Bruce's recommendation for creating a Security awareness program. On 9/19/05, Syn Ack <thin.hack () gmail com> wrote:
Hello listmembers, I've just began a new job two months ago and I'm currently in charge of improving the information security level in our company. As part of this process I've been asked to create a InfoSec training for all the company employees. I plan to split my training in several classes for different kind of audience: general, management, sales, technical,
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Security Training for Company's Employee Syn Ack (Sep 19)
- Re: Security Training for Company's Employee Saqib Ali (Sep 20)
- Re: Security Training for Company's Employee Stacey Blanc (Sep 26)
- Re: Security Training for Company's Employee Henrik Becker (Sep 20)
- Re: Security Training for Company's Employee Saqib Ali (Sep 26)
- RE: Security Training for Company's Employee Boubacar Fadiga (Sep 26)
- RE: Security Training for Company's Employee Kenton Smith (Sep 26)
- <Possible follow-ups>
- Re: Security Training for Company's Employee sf_mail_sbm (Sep 20)
- RE: Security Training for Company's Employee Burton Strauss (Sep 22)
- Re: Security Training for Company's Employee sburns (Sep 22)
- Re: Security Training for Company's Employee Topi Ylinen (Sep 22)
- Re: Security Training for Company's Employee Saqib Ali (Sep 20)