Blogcast: Starting an End User Security Discussion
Recently I've been thinking more and more about the problem of end user risk. It was prompted by some discussions with a small company here who lamented that they had to place extreme policy controls in place because their users would "wreck it" otherwise...
So I thought - I wonder why their users are so very dangerous to them? (Apart from the obvious of course...) So I went and spoke to a few of their users. They told me that the IT area used confusing words and couldn't explain why security was important to them so it wasn't seen as relevant. It seemed to me that this organisation forgot that People, Process and Technology need to work together to truly address security. The more I spoke to other people in IT, the more I realised that this is a consistent problem. In IT we always manage to get the technology side (more or less) right - and sometimes we do the Process side - but we always miss the People bit. In many cases - the security breaches we see in businesses are caused by users and their naivety or ignorance as to the correct procedure or safe practice and a lot of these cases stem from a lack of end user security education.
So I've recorded another blogcast/screencast/video thingy on the problems with motivating users around security and changing your perceptions in the eyes of the users.
After you're done watching that I've linked to some resources that you can download to begin this process of starting this conversation with the users and demonstrating some education that will not only help them at work but also at home.
Screencast
Resources
- End User Security Discussion Resources (120MB Download)
While you're at it...I'm curious to know how many of you find this area of security challenging? Fill out my online anonymous poll so we can see if it's a consistent theme.
https://polls.zoho.com/mkleef/end-user-security#addComm
Updated: 25/9 4:12pm - Embedded survey wasn't working properly so I've replaced it with a direct link to it.
Comments
Anonymous
January 01, 2003
Actually Thommo you were right... One of our guys installed WSS on the server and it changed the authN I had configured for the site...whoops....should be fine now.
Anonymous
January 01, 2003
Nup it's just you Thommo....:) Two separate machines of mine work fine!
Anonymous
September 26, 2007
Kleefy, It might be just me, but I can't access either the streaming link or the HTTP link. Both prompt for a password from wic245d.server-web.com. Cheers,
Anonymous
September 27, 2007
uhmm..last note... anything mms:// related is blocked too :)