Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Do employees care about secutity? (http://www.velocityreviews.com/forums/t307559-do-employees-care-about-secutity.html)

Steve 02-20-2006 03:41 PM

Do employees care about secutity?
 
Excerpts from
http://software.silicon.com/security...9156503,00.htm


An experiment carried out in London revealed that employees in some of
the city's best known financial services companies don't care about
basic security policy.

CDs were handed out to commuters, and recipients were told the disks
contained a special Valentine's Day promotion. The CD packaging even
contained a clear warning about installing third-party software and
acting in breach of company acceptable use policies, but that didn't
deter many individuals.

Effectively the employees, by carrying the CD into the company and
putting it straight into their PC, had by-passed much of their
company's security.


--

Drawing on my fine command of the English language, I said nothing.

....Robert Benchley

Todd H. 02-20-2006 04:52 PM

Re: Do employees care about secutity?
 
Steve <rty@pkf.inv> writes:

> Excerpts from
> http://software.silicon.com/security...9156503,00.htm
>
>
> An experiment carried out in London revealed that employees in some of
> the city's best known financial services companies don't care about
> basic security policy.
>
> CDs were handed out to commuters, and recipients were told the disks
> contained a special Valentine's Day promotion. The CD packaging even
> contained a clear warning about installing third-party software and
> acting in breach of company acceptable use policies, but that didn't
> deter many individuals.
>
> Effectively the employees, by carrying the CD into the company and
> putting it straight into their PC, had by-passed much of their
> company's security.


In other words, confirmation of the long standing notion of the humans
being the weakest link in the security chain.

Unless policy is backed up with training and clear consequences for
violating the policy, the topic is much too technical for more
people to really fully appreciate.

Best Regards,
--
Todd H.
http://www.toddh.net/

Arthur T. 02-20-2006 05:58 PM

Re: Do employees care about secutity?
 
In Message-ID:<unojv1h2ig6ue6feb3cv8v8la3gj3ot9vg@4ax.com>,
Steve <rty@pkf.inv> wrote:

>CDs were handed out to commuters, and recipients were told the disks
>contained a special Valentine's Day promotion. The CD packaging even
>contained a clear warning about installing third-party software and
>acting in breach of company acceptable use policies, but that didn't
>deter many individuals.


The experiment may be new, but the results were foretold at
least as far back as 1999. See, for instance:
http://en.wikipedia.org/wiki/Dancing...puter_security)

--
Arthur T. - ar23hur "at" speakeasy "dot" net
Looking for a good MVS systems programmer position

donnie 02-22-2006 12:43 AM

Re: Do employees care about secutity?
 
On Mon, 20 Feb 2006 07:41:14 -0800, Steve <rty@pkf.inv> wrote:

>Effectively the employees, by carrying the CD into the company and
>putting it straight into their PC, had by-passed much of their
>company's security.

#############################################
Was that story supposed to have a surprise ending?

Steve 02-22-2006 02:51 PM

Re: Do employees care about secutity?
 
donnie <donnie@queyosepa.org> wrote:
>>Effectively the employees, by carrying the CD into the company and
>>putting it straight into their PC, had by-passed much of their
>>company's security.


>Was that story supposed to have a surprise ending?


The only surprise is that these financial institutions apparently
still provide their employees hardware which allows them to install
software.


--

When you are arguing with a fool,
make sure he isn't doing the same thing.

....Unknown


All times are GMT. The time now is 10:26 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.