The organizations management, systems staff and users should communicate, sharing information about security concerns, and about users views of them. Sometimes systems administrators have been known to implement ambitious security policies without regard as to whether or not they were practical in their environment, and if they didnt listen to feedback from users, they might never know that almost every user resorted to writing down that 12-character, mixed case, consonants-only password that the system automatically assigned them. Similarly, sometimes CEOs are unaware of the risks their businesses face due to computer security issues. Remember that no one, CEO or lower-level end user, can act on security recommendations unless theyre aware of them, and that that takes communication. Similarly, regular communication goes a long way toward overcoming that network support doesnt care how hard they make it for us to get our work done opinion that can be prevalent among end users.
One school of thought is the carrot and stick approach. The carrot is motivational slogans such as SEC_RITY is not complete without U
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.