Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

On the Human Condition & Information Security

SANS ranks human error at the top of information security worries.

Robert McMillan reports an interesting case of military cadets who fell for an email social engineering attack soon after they were trained in information security.

Papers such as “Why Phishing Works” seem to suggest that there is not much that can be done in the way of educating users.

The interesting question this poses: “What is the line between what can and cannot be reasonably taught that would satisfactorily alter human computing behavior for the better?”

It is a question to which I do not have a satisfactory answer at the moment.

