Stupid users, or stupid infosec?

By Ira Winkler, Computerworld |  Security

Hopefully, May's brain trust will tell him that the purpose of a good security program is to implement a strong security culture. That is accomplished by implementing awareness programs that use scientific principles to get people to behave securely by default and by implementing technical and other countermeasures that proactively prevent users from taking actions that are known to cause damage, or to at least contain that damage.

And if Thornton May were ever to consider me part of his brain trust, I would ask him, "Is that user behavior stupid, or is it just something that should be expected and that infosec professionals should therefore prevent or mitigate?"

Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site, irawinkler.com.

Originally published on Computerworld.