Re: Security Education in the Workplace

You're absolutely right. Education is always the key.
In my opinion, we need to target three segments of people for increasing the security of any organization in general.
- Developers of course. Like you mention the Boot Camp, and someone had earlier suggested, maybe secure coding ought to merit a
chapter in regular programming courses in colleges and universities, if not an entire course.
- Administrators. You got to apply those patches and read the stuff that's easily available on the web, mailing lists, etc. Maybe
courses aimed at them too. A huge number of incidents have been caused simply because admins didn't patch up, or didn't remove
mis-configurations.
- Lastly, the end user. This includes anyone who sits on a workstation for his work. Right from CxOs to secretaries to anyone at
all. Basic, security has to be borne in mind. Don't double click attachments, use good passwords (define this for them), etc. etc.
This battle for security is never-ending. We can only up the scales at our end by educating people better. And even then, they don't
need to know as much as the black hats do. An admin really does not need to know how a buffer overflow is caused or how to code one.
He simply must know which patch he must apply and must have the sense to apply it ASAP. Same for end-users. They don't need to know
how a worm replicates or a virus spreads. That it spreads via attachments or unprotected shares, or any other factor is all that
needs to be conveyed to them.
I do hope this thread throws up some critically useful info.
K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Tel: 91-22-22001530, 22006019
Email: cto@nii.co.in
Web: www.nii.co.in
The Unix Auditor's Practical Handbook
http://www.nii.co.in/tuaph.html
----- Original Message -----
From: "Dana Epp" <dana@vulscan.com>
To: "Michael Howard" <mikehow@microsoft.com>; <secprog@securityfocus.com>
Sent: Wednesday, November 27, 2002 6:11 AM
Subject: Security Education in the Workplace
> With all the talk of development libraries one common thread has continued
Received on Wed Nov 27 14:31:01 2002