Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: "Jansen, Morgan R." <morgan.jansen () ROSALINDFRANKLIN EDU>
Date: Wed, 17 Mar 2010 14:58:21 -0500
This is such an interesting discussion! I agree that security must be tailored for the institution. Relating the reasoning to the user base and giving them training is key. My husband works with me and hated when we implemented more restrictive password policies. I have found that when people understand why they are more restrictive and are given some tips on how to remember their passwords they are more agreeable. Morgan Jansen morgan.jansen () rosalindfranklin edu <mailto:morgan.shank () rosalindfranklin edu> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv on behalf of Patrick Ouellette Sent: Wed 3/17/2010 2:44 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice? Problem is, without enforceable laws/policies and strong support for it from management, "best practices" ends up being the reality ... What's the old saying about standards? "The fun with standards is that there's so many to choose from", and since none of them have the force/weight of law... choose with impunity! Sincerely, Patrick Ouellette Algonquin College - School of Advanced Technology Program Coordinator: Computer Systems Technician & Technology - Networking / Security Programs Professor - Computer Studies Department
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Case Sent: March-17-10 3:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice?-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Wednesday, March 17, 2010 1:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice?<snip>I now cringe when I hear the phrase "Best Practice" when applied to securityThe problem I see with "Best Practice," "Best Known Practice," "Effective Practices," etc. is one size fits some. Is that "Best Practice" for a small, centralized, risk-adverse institution or a large, decentralized, risk-accepting institution? -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase --
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? Brad Judy (Mar 17)
- Re: Are users right in rejecting security advice? David Escalante (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Michael Van Norman (Mar 17)
- Re: Are users right in rejecting security advice? Basgen, Brian (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Ken Connelly (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Steven Alexander (Mar 17)
(Thread continues...)