HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 118 guests and 5 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Featuresarrow /rootarrow People understand risks – but do security staff understand people?
EH-Net
February 10, 2012, 07:41:39 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: People understand risks – but do security staff understand people?  (Read 5703 times)
0 Members and 1 Guest are viewing this topic.
Ants
Newbie
*
Offline Offline

Posts: 25


View Profile
« on: August 06, 2009, 10:27:31 AM »
Here is an article that I came across. I'm not saying that I agree with it but I thought that it was an interesting POV.

Quote
...It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious.

and it goes on to suggest
Quote
"Fire someone who breaks security procedure, quickly and publicly,"
Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security
Logged
CEH, GPEN, GCFW
timmedin
Sr. Member
****
Offline Offline

Posts: 470



View Profile WWW
« Reply #1 on: August 09, 2009, 08:39:27 PM »
Quote from: Ants on August 06, 2009, 10:27:31 AM
and it goes on to suggest
Quote
"Fire someone who breaks security procedure, quickly and publicly,"
Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security

Unless there is a penalty for violating procedures (security or otherwise) then there is no incentive for following them.

For this same reason the Cyber Czar will have no effect. This person doesn't control budget and can't sack anyone so in the end it he will just be another impotent bureaucrat.
Logged
twitter.com/timmedin | http://blog.securitywhole.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.192 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge Training: Build Security Skills to Protect and Defend

offsec_130x200-2_jan-feb2012.png
Offensive Security
AWE Live in the Caribbean!
March 5 - 9, 2012

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: Refer_EHN
Including SANS Phoenix 2012, SANS 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.