|
Title: People understand risks – but do security staff understand people? Post by: Ants on August 06, 2009, 10:27:31 AM Here is an article that I came across. I'm not saying that I agree with it but I thought that it was an interesting POV.
Quote ...It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious. and it goes on to suggest Quote "Fire someone who breaks security procedure, quickly and publicly," Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security (http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security)Title: Re: People understand risks – but do security staff understand people? Post by: timmedin on August 09, 2009, 08:39:27 PM and it goes on to suggest Quote "Fire someone who breaks security procedure, quickly and publicly," Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security (http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security)Unless there is a penalty for violating procedures (security or otherwise) then there is no incentive for following them. For this same reason the Cyber Czar will have no effect. This person doesn't control budget and can't sack anyone so in the end it he will just be another impotent bureaucrat.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |