HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 35 guests online
 
Advertisement

You are here: Home arrow Featuresarrow /rootarrow People understand risks – but do security staff understand people?
EH-Net
May 23, 2013, 02:53:42 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: People understand risks – but do security staff understand people?  (Read 6522 times)
0 Members and 1 Guest are viewing this topic.
Ants
Newbie
*
Offline Offline

Posts: 25


View Profile
« on: August 06, 2009, 10:27:31 AM »
Here is an article that I came across. I'm not saying that I agree with it but I thought that it was an interesting POV.

Quote
...It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious.

and it goes on to suggest
Quote
"Fire someone who breaks security procedure, quickly and publicly,"
Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security
Logged
CEH, GPEN, GCFW
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #1 on: August 09, 2009, 08:39:27 PM »
Quote from: Ants on August 06, 2009, 10:27:31 AM
and it goes on to suggest
Quote
"Fire someone who breaks security procedure, quickly and publicly,"
Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security

Unless there is a penalty for violating procedures (security or otherwise) then there is no incentive for following them.

For this same reason the Cyber Czar will have no effect. This person doesn't control budget and can't sack anyone so in the end it he will just be another impotent bureaucrat.
Logged
twitter.com/timmedin | http://blog.securitywhole.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.06 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.