WSJ needs a smack upside the head

WSJ needs a smack upside the head

I know I am late on posting about this (I am out of whack – trying to sell the house, been sick, had my parents in for two days, my middle child turned 5, working on multiple RFPs, etc, etc, etc.).  But when I saw Andy’s post about this WSJ article about how to evade your company’s security measures, I about crapped my pants.  What an idiotic article!

Vet

4 Replies to “WSJ needs a smack upside the head”

  1. As a IT Security Consultant for the better part of the last decade I think it largely depends on the basic intelligence of the CEO/CIO/CFO you are talking to.
    The smart ones will see the necessity for awareness training while the not so smart ones will make it an “IT only” issue to stay ahead of their users to keep the company safe from harm.

    Unfortunately in times of twindling IT resources this is a battle we cannot win and so I personally got *very* scared when I read the article because of all the (mostly unnecessary and tidious) work this will produce, because virtually everyone *will* test all the proposed ‘workarounds’.

    I am not sure if in the long run the posted article will be considered good or harmfull.

    BR
    Wolfgang

  2. Michael,
    While I agree this was not a very smart thing to publish, I think it really just gave the security community ammunition. For those of you who focus on Awareness training, this is definitely something I would be bringing to management. The conversation is simple, look we are doing everything we can to protect the company, but then WSJ goes and tells the average user how to overcome our defenses, we really should invest in awareness training so our users understand why NOT to do these things. I’m not sure how a resonable and responsible CEO/CIO/CFO could defend against this. Maybe Santa will chime in on this.

    My point, for every idiotic experience in this world, there is an equal opportunity to learn and teach.

Comments are closed.