RE: The home user problem returns

["Brian Loe" <knobdy () stjoelive com>]

> -- Educating users has been proven to work at company after company.
> Help desk calls, viral infections, falling victim to phishing 
> emails, and more, have been quantitatively and demonstrably 
> reduced at companies that institute end-user security training. 

I'm pretty sure I recently saw a GAO report showing NO improvement in at
least one government agency - with SEVERE security issues.


> -- And how do you know "it" (educating end users) is not 
> working? We have no before/after comparison on what the 
> Internet would be like if all of us who preach security had 
> stopped five years ago.  

We have a before and after picture in as much as we EVER will be able to.
You have to look at it like a statistician - you can't query the world
(though some of us have seemed to of forgotten that we ARE talking about a
GLOBAL community) but you can look at smaller cross-sections of the world.
Your company, his ISP, and the like.


> Am I really the only one on this list who thinks so? Or 
> Marcus, did I misinterpret you?

I think education still deserves a chance, but lets make it REAL education.
When you are told to do something you may forget, but when you are told to
do something, shown how and given the TOOLS to do it with it becomes much
more difficult to forget.

As discussed in a previous message, why doesn't my cable or dsl modem come
with a firewall built into it - and why isn't there documentation on how to
configure it along with strict settings configured by default? If you REALLY
want to get proactive, and you're in a position to do so (ISP), that's how
you make a difference.

In my view, there's been plenty of education in the preaching variety, what
we need is teaching.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards