Linked by Andrew Youll on Sat 17th Sep 2005 11:22 UTC, submitted by JonasDue
Privacy, Security, Encryption
"There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems?"
Thread beginning with comment 32606
Re:
by vesselinpeev on Sat 17th Sep 2005 13:58 UTC
vesselinpeev
Member since:
2005-07-06

Hehe, by good I mean that there is merit in those ideas being called "dumb", but "Educating users" is not one of them.

RE: Re:
by vesselinpeev on Mon 19th Sep 2005 11:24 in reply to "Re:"

To clarify my stance from my previous post regarding "Educating users" -- if one can improve security by educating users, one should educate users; if one can improve security without needing to educate users, one should do that as well. Of course, it is better for only the latter case to occur -- since then experts won't have to deal with users, but unfortunately, often one has to if one wants better security.
So, in other words, the stance of the author of the article that our strategy should not be to educate users, because it is dumb, is clearly simplistic and dumb itself. In any case, there cannot be ultimate security if users are not educated -- how is knowing not to click on an Anna Kournikova virus-infected e-mail not a social problem, and hacking is a social problem? By solely technical means, one can make it harder for users to run the attachment, but there is a ceiling that is hit at some moment, and from that point one can progress solely through educating users. Of course, that does not mean that one will be successful at educating users, but that is another case, and there are various types of training and learning that I do not think have been applied to people and that may turn out to bear good results if the strategy is to educate users AS WELL AS do everything technically possible to solve the security problems.
