Re: Testing the user community

From: R. DuFresne (dufresne@sysinfo.com)
Date: Wed Feb 07 2007 - 16:16:57 EST

• Next message: M.B.Jr.: "Re: Testing the user community"
• Previous message: Mark Hinge: "The Black And White Ball (Con)"
• In reply to: Thor (Hammer of God): "Re: Testing the user community"
• Next in thread: Thor (Hammer of God): "Re: Testing the user community"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 2 Feb 2007, Thor (Hammer of God) wrote:

>
> Not withstanding the value of the other replies, the problem with this
> method is that the outcome doesn't really prove anything one way or the
> other. If he sends a mock virus out and no one opens it, it doesn't mean
> that they won't open a real one that comes out the next day. If they do
> open his, that doesn't mean they'll actually open a real one in the future.
>
>
> You can always prove that your users will do something stupid. That's
> trivial. If the goal is to actually improve the security posture of your
> userbase, then engage in continued user education - not waste your time
> trying to get them to open a virus.
>

If user education really worked though, would not alot of companies that
do just that for other companies work themselves out of a business over
time?

Or to state it a tad differently; over time would not user education be so
ingrained that only new hires need attend rather then the bi-yearly or
quarterly need for "user education" no longer be required?

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFykHMst+vzJSwZikRAp/VAJ9Ycicem8WM9FIbBwUYXNn041Y3TwCgn4MJ
Wa3FDp9xLlK85rvwljFAZgI=
=B/WD
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: M.B.Jr.: "Re: Testing the user community"
• Previous message: Mark Hinge: "The Black And White Ball (Con)"
• In reply to: Thor (Hammer of God): "Re: Testing the user community"
• Next in thread: Thor (Hammer of God): "Re: Testing the user community"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT