[SNIP]
>
> If we look at this as an endluser problem then our solution is going
> to involve (at least in part) things like luser education and training.
> Individually, this is not necessarily a large task[0], but:
>
> -Educating one luser doesn't help educate other lusers[1]
> (This includes the proposition that me educating my lusers
> doesn't help you educate your lusers)
> -Educating -all- lusers is a large task
> -Single lusers crapping out on their training can be as expensive
> as multiple lusers crapping out[2]
>
> The point being that solutions to endluser problems (approached from
> the endluser end) don't scale. The reason why this is particularly
> problematic is that bad guy activities tend to scale extremely well.
>
Other reasons that this can scale poorly are:
-endusers that have the perspective <at least while at work> that
"security is someone else's problem/job"
-education is a process that has to be done again and again,
especially in larger orgs. Even those endusers trained
more than once will tend to do things at work they know
better than to do at home on their own systems. And there
are always new employees/endusers coming in the door.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 22 2004