Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: "Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>
Date: Tue, 16 Mar 2010 10:29:12 -0500
I would love to just be able to bill users in man hours required for us cleaning up mail queues after their account is compromised and turned into a spambot, or time spent trying to remove us from blacklists, etc. If they were getting $500 in campus mail to their department, or to them personally, they would probably think differently next time about replying to an email with their password in it.

Michael Stanclift | Network Analyst | Computer Services
Rockhurst University | 1100 Rockhurst Road, Kansas City, MO 64110
Phone: 816.501.4231 | Fax: 816.501.4014 | http://help.rockhurst.edu
Help keep our campus green, think before you print!
RUCS will never ask you for your password!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin (mclaugkl)
Sent: Tuesday, March 16, 2010 10:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Are users right in rejecting security advice?

Hi All:

So I read this right after I read the FBI IC3 Report that shows the amount of dollar loss in the U.S. doubling from 2008 - 2009 (265m to 559m) - and yes, I know there are a lot of variables and intangibles in those numbers please don't respond yet again with those citations; the bottom line is that these ARE large numbers of reported loss. Then I read the blog on Dr. Hurley's paper and once again just have to shake my head and wonder when we are going to get it as a society.

I'm not going to rant or go on for a long time - I'll just say this: I bet when the end users are held 100% liable for ALL the money they lose or freely give to blackhats by not following good security practices that we will then see a shift in how much interest and participation they take in using the safe-guards we've been asking them to use for years. (right now financial institutions are accepting a lot of the $ loss; however, that is already starting to change).

Allison - don't get me wrong I enjoyed the read and definitely appreciated you posting it as it does a great job at providing insights into different (non-security) thought processes.

- Kevin

Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allison Dolan
Sent: Tuesday, March 16, 2010 11:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Are users right in rejecting security advice?

A rather provocative column re: the cost/benefit of many pieces of security advice. Some points worth considering when planning security awareness training...

http://blogs.techrepublic.com.com/security/?p=3275&tag=nl.e036

......Allison Dolan (617-252-1461)