Comments on: WSJ needs a smack upside the head http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/ Commentary on the State of Information Security Thu, 02 Feb 2012 20:22:19 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Wolfgang Leithner http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/comment-page-1/#comment-19607 Wolfgang Leithner Thu, 09 Aug 2007 12:31:50 +0000 http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/#comment-19607 As a IT Security Consultant for the better part of the last decade I think it largely depends on the basic intelligence of the CEO/CIO/CFO you are talking to. The smart ones will see the necessity for awareness training while the not so smart ones will make it an "IT only" issue to stay ahead of their users to keep the company safe from harm. Unfortunately in times of twindling IT resources this is a battle we cannot win and so I personally got *very* scared when I read the article because of all the (mostly unnecessary and tidious) work this will produce, because virtually everyone *will* test all the proposed 'workarounds'. I am not sure if in the long run the posted article will be considered good or harmfull. BR Wolfgang As a IT Security Consultant for the better part of the last decade I think it largely depends on the basic intelligence of the CEO/CIO/CFO you are talking to.
The smart ones will see the necessity for awareness training while the not so smart ones will make it an “IT only” issue to stay ahead of their users to keep the company safe from harm.

Unfortunately in times of twindling IT resources this is a battle we cannot win and so I personally got *very* scared when I read the article because of all the (mostly unnecessary and tidious) work this will produce, because virtually everyone *will* test all the proposed ‘workarounds’.

I am not sure if in the long run the posted article will be considered good or harmfull.

BR
Wolfgang

]]> By: The Compliance & Security Connection http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/comment-page-1/#comment-19603 The Compliance & Security Connection Wed, 08 Aug 2007 17:39:46 +0000 http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/#comment-19603 <strong>Wall Street Journal post Raises Ire of IT Security Pros...</strong> The Compliance and Security Connection Home Page A recent Wall Street Journal post by Vauhini Vara, Ten Things Your IT Department Won't Tell You, provided suggestions for doing an end-around your IT department. As you might expect, the topics centered... Wall Street Journal post Raises Ire of IT Security Pros…

The Compliance and Security Connection Home Page A recent Wall Street Journal post by Vauhini Vara, Ten Things Your IT Department Won’t Tell You, provided suggestions for doing an end-around your IT department. As you might expect, the topics centered…

]]> By: Michael Farnum http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/comment-page-1/#comment-19573 Michael Farnum Thu, 02 Aug 2007 20:32:57 +0000 http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/#comment-19573 <p>Damn it, Tim! Stop being so optimistic! I am trying to spread FUD here! :)</p> <p>Actually, very good point</p> Michael Damn it, Tim! Stop being so optimistic! I am trying to spread FUD here! :)

Actually, very good point

Michael

]]> By: Tim Wagner http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/comment-page-1/#comment-19572 Tim Wagner Thu, 02 Aug 2007 20:16:19 +0000 http://infosecplace.com/blog/2007/08/02/wsj-needs-a-smack-upside-the-head/#comment-19572 Michael, While I agree this was not a very smart thing to publish, I think it really just gave the security community ammunition. For those of you who focus on Awareness training, this is definitely something I would be bringing to management. The conversation is simple, look we are doing everything we can to protect the company, but then WSJ goes and tells the average user how to overcome our defenses, we really should invest in awareness training so our users understand why NOT to do these things. I'm not sure how a resonable and responsible CEO/CIO/CFO could defend against this. Maybe Santa will chime in on this. My point, for every idiotic experience in this world, there is an equal opportunity to learn and teach. Michael,
While I agree this was not a very smart thing to publish, I think it really just gave the security community ammunition. For those of you who focus on Awareness training, this is definitely something I would be bringing to management. The conversation is simple, look we are doing everything we can to protect the company, but then WSJ goes and tells the average user how to overcome our defenses, we really should invest in awareness training so our users understand why NOT to do these things. I’m not sure how a resonable and responsible CEO/CIO/CFO could defend against this. Maybe Santa will chime in on this.

My point, for every idiotic experience in this world, there is an equal opportunity to learn and teach.

]]>