.

People understand risks – but do security staff understand people?

<<

ants

Newbie
Newbie

Posts: 25

Joined: Sun Mar 15, 2009 8:51 am

Location: Ireland

Post Thu Aug 06, 2009 10:27 am

People understand risks – but do security staff understand people?

Here is an article that I came across. I'm not saying that I agree with it but I thought that it was an interesting POV.

...It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious.


and it goes on to suggest
"Fire someone who breaks security procedure, quickly and publicly,"

Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security
CEH, GPEN, GCFW
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Aug 09, 2009 8:39 pm

Re: People understand risks – but do security staff understand people?

Ants wrote:and it goes on to suggest
"Fire someone who breaks security procedure, quickly and publicly,"

Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security


Unless there is a penalty for violating procedures (security or otherwise) then there is no incentive for following them.

For this same reason the Cyber Czar will have no effect. This person doesn't control budget and can't sack anyone so in the end it he will just be another impotent bureaucrat.
twitter.com/timmedin | http://blog.securitywhole.com

Return to /root

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software