Tuesday, April 25, 2006

Is it the users' fault? Another round of the debate.

Information Security Magazine had a Point/Counterpoint about whether user security education works. Could have been an interesting debate between two highly qualified and experienced people, except both of them agreed. They think user education is futile.

Fortunately, you can find a contrasting opinion from Scott Pinzon, editor of Watchguard Wire. (Disclosure: they paid me for an article once). He puts it more politely, but suggests that maybe security education has been failing because computer geeks have been the ones doing it.

None of them mentioned that some contractual and even legal security requirements call for a security awareness program. If user education doesn't work, then a lot of people are being compelled to waste money.

I'll step back from the debate and point out that if user education doesn't work then nothing else will work. Technology can't overcome the force of people trying to get their jobs done in spite of security hassles. If user education is hopeless, then security is hopeless (and consultants like me have work for life).
