funsec mailing list archives
Re: Security unawareness
From: rackow () mcs anl gov
Date: Thu, 19 Jul 2012 16:18:17 -0500
According to the article, you really don't need to lock your car when at the mall or your house when you are away. There are still successful thefts taking place and we should work more towards coming up with better ways of preventing them since these are not 100% effective. Training is NOT to make you completely immune, but to improve awareness and response. Having users act as a late(?) warning system on stuff that did get through but looks phishy is still better than them just trusting things and getting infected. In that eutopia, the end user would think that everything is clean and hackers can't get something past the sensors. Therefore EVERYTHING is safe to click on. Even the personal message from the company president asking you to click on the attachment to see naked pictures of his trophy wife. PCWorld should be ashamed of themselves for publishing such dribble. michael.blanchard () emc com made the following keystrokes:
Can I get an AMEN borthers and sisters!!! Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC =B2 Corporation 32 Coslin Drive Southboro, MA 01772 -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On B= ehalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah Sent: Thursday, July 19, 2012 3:25 PM To: funsec () linuxbox org Cc: infosecbc () yahoogroups com Subject: [funsec] Security unawareness I really don't understand the people who keep yelling that security awarene= ss is no = good. Here's the latest rant: http://www.pcworld.com/businesscenter/article/259461/why_you_shouldnt_train= _e mployees_for_security_awareness.html The argument is always the same: security awareness is not 100% foolproof = protection against all possible attacks, so you shouldn't (it is morally wr= ong to?) = even try to teach security awareness in your company. This guys works for a security consultancy. He says that instead of teach= ing = awareness, you should concentrate on audit, monitoring, protecting critical= data, = segmenting the network, access creep, incident response, and strong securit= y = leadership. (If we looked into their catalogue of seminars, I wonder what = we would = find them selling?) Security awareness training isn't guaranteed to be 100% effective protectio= n. = Neither is AV, audit, monitoring, incident response, etc. You still use th= ose thing = even though they don't guarantee 100% protection. You should at least try = (seriously) to teach security awareness. Maybe more than just a single 4 h= our = session. (It's called "defence in depth.") Tell you what: I'll teach security awareness in my company, and you try a s= ocial = engineering attack. You may hit some of my people: people aren't perfect. = But = I'll bet that at least some of my people will detect and report your social = engineering attack. And your data isolation won't. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (quote = inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org Often the best way to win is to forget to keep score. - Marianne Espinosa Murphy victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Security unawareness Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 19)
- Re: Security unawareness michael.blanchard (Jul 19)
- Re: Security unawareness rackow (Jul 19)
- Re: Security unawareness michael.blanchard (Jul 19)