[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A rather newbie question
- To: David Hane <dlhane@xxxxxxxxxxxxx>, "Schmidt, Michael R." <Michael.Schmidt@xxxxxxxxxxxx>, "'Ethan Vaughn'" <evaughn@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] A rather newbie question
- From: Harlan Carvey <keydet89@xxxxxxxxx>
- Date: Mon, 3 May 2004 12:43:19 -0700 (PDT)
> While I think you have a point I also think Ethan
> has one too. It is important
> to remember that users are generally clueless and/or
> unconcerned with
> security. Of course I'm grossly generalizing but I
> think you get my point.
Yes, I can agree with that...I do get the point. But
who are the users? Say you're an admin at a law
firm...if the users are supposed to be
security-conscious (face it, a great many admins lack
even the most rudimentary security awareness), then
shouldn't the admins be required to have a law degree,
also? How about a hospital...shouldn't each admin
then have to have a medical degree?
> Keeping in mind that the weakest link can be the
> average user is always a
> good idea. And who would argue with idiot proofing
> any system, computer or otherwise?
Within the context of the business needs of the
organization...sure.
> So I think a little harmless joking amongst
> ourselves isn't necessarily all
> bad :-) After all, how many ID10T errors have you
> fixed in the last week ;-P
I agree that harmless joking is fine...but I've seen
instances in which that harmless joking became part of
the admin's vocabulary, even in front of those same
users.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html