Security's Everyman

Security's Everyman

Friday, August 31, 2007

Information Security Poll

My latest information security poll was a hit with y'all. It received more votes than the other 3 combined. I was very pleased to see the response. I have to admit that I did solicit a couple of votes towards the end of the poll. I was in a chat room with some of the other members of the Security Catalyst Community and since I was just a couple of votes shy of 100 I asked any of them who hadn't already voted (and shame on my friends for not being the first) :) to go ahead and vote to push me over the 100 vote mark.

I have to admit that I am quiet surprised at the results. I honestly expected about 95 to 98 percent of the votes to go to the last 2 options (Slightly or None). While they did receive the majority of the votes it was only about 73% of the total vote. The second option (Mostly) received about 26% of the vote and the first option (Completely) received 1% of the votes. My first glance says that some of you were not being completely honest (yes I'm talking to you who voted for option 1). But then Cutaway pointed out to me that there were a couple of different ways to interpret the question and the response could vary depending on your interpretation. As I looked back at the question I see how that could be so I take back what I said of you who voted for option 1. :) Then there is the possibility that those of you who voted for option 1 were talking about yourself. Maybe you are your user.

If the results of this poll really do show that a full 26% of you trust your users to act securely and there was no misunderstanding of the question then that is quiet encouraging. It tells me that y'all are doing a good job in getting the message of security out to your users and that they are listening. I would love to talk with some of you about what it is you are doing that is working so well for you. Please drop me a note either in the comments or via email.

As usual I don't have a question for the next poll yet, but I'll have something in a day or two. Monday is a holiday here in the US so it may be Tuesday before I have something up. I'm hoping to spend most of the weekend enjoying spending time with my Wife and daughters and not blogging or coming up with another poll. Yet, you never know. I am up earlier than them most of the time and that's when I try to catch up on reading and blogging.

1 comment:

Cutaway said...

Sir,

I definitely voted for "Mostly." I did this because I do believe that the majority of users do want to be secure. The fact that sometimes they do not know better, in my opinion, cannot be held against them.

It is easy for people to say that they should be aware. And there are a lot of people out there who chide people for not realizing what they were doing was not the best idea or the most secure way. We often read about how malicious individuals take the defense that the end-user should have know better. But, technology is technology. Not everybody knows the security risks of each and every one. We cannot expect them to. We know technology because it is our passion. Most people use technology because it serves a purpose and their passion is something else.

I know that was not what you were getting at. You were trying to determine what people felt about the state of their environment and the effectiveness of their education program. But, as I stated, I answered to the intent of the average end-user which is to be secure as they know how. Well, at least most of them.

Go forth and do good things,
Cutaway

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.