Yesterday I was talking with a VP of a large bank and he asked me what I thought was the biggest problem facing security professionals today. I didn't even have to think hard to come up with my answer. User awareness. Then he asked me how we fix this problem. I had to think a little longer, but then it hit me. This is not a new answer by any means. I've talked about it in the past and I've read what others have said on it also. The answer, at least part of it, is that we, as security professionals, have to take the time to explain security to users.
This isn't easy for many in the tech community. We tend to do better with machines than people. We tend to get irritated when users do stupid things. We don't like it when we try to explain something to them and they give us the "deer in the headlights" look, so we give up and walk away. We pass up opportunities to pass some of our knowledge on to others. If we will just come out from the depths of our security lairs and take a little time to figure out how to explain security at a layman's level, then we will see drastic improvements in how users view and practice security.
As I say this I'm thinking about how this ties in perfectly with one of my goals in joining the Security Catalyst Trusted Catalyst Community. As Michael and I talked about the community and what we would both like to see come out of it, this was a goal that both of us shared. I'm excited to see what will come from this. Something that we can all use to help educate users is sorely needed.
Security's Everyman
Saturday, January 20, 2007
Fixing Security's Biggest Problem
Posted by Andy, ITGuy at 10:56 AM
Labels: information security, security awareness training, security catalyst
6 comments:
How'd the VP take your response? I mean, he likely can see that people make mistakes and some people just will not be teachable. Did he find your response a little unhelpful? I mean, from many viewpoints, if user awareness is our biggest problem, we've already failed. :(
Michael, I'm not sure I agree that we've already lost. We have done a poor job, but it hasn't been our job in reality. Hopefully that is changing.
That "michael" post was me. Not sure why some sites save info I don't recall putting in, lol.
Loner, Glad to see that you are joining the Catalyst community.
I agree with Andy. We're not hopeless and we have not yet lost. There is still hope and we can still be part of the solution instead of whining about "ignorant users".
No, I am not the Michael with the original comment.
I agree with what Andy is saying. One thing that I am proud of is that people always tell me that I explain things in a way that they understand. I decided a long time ago when I started working in the tech support field that I would try to help people learn from their mistakes. That has helped me in all of my support jobs up to today, a 1-man IT department for a small municipality.
I think that it should be a GOAL of every support person to try to impart a little knowledge on at least one user every single day.
Great post, and a most excellent blog, Andy. Keep up the good work.