Comments on: Is Your Security Training a Liability?

By: Security Insights Blog » Could Training People to be More Secure be a Liability?

Fri, 01 Aug 2008 01:14:50 +0000

[...] different areas of “risk management” can collide. The Security Ripcord blog has a post describing how the author tried to set up a series of monthly security meetings for staff at the [...]

By: Security training a liability? « Blogging Without a Safety Net

Security training a liability? « Blogging Without a Safety Net — Sat, 30 Jun 2007 10:28:52 +0000

[...] really sure how I managed to find this blog post this evening given that it’s from January, anyway it’s a rant on security training [...]

By: Gary HInson

Gary HInson — Sat, 20 Jan 2007 20:08:33 +0000

Hi Cutaway.

Whilst you seem deeply concerned about your organization and its woes, you might like to look at more/other creative ways to raise security awareness. I’d recommend a book by Rebecca Herold without hesitation: “Managing an information security and privacy awareness and training program” is stuffed full of good ideas. I can’t guarantee they will all work on Southern Texans but I know some of them do.

Kind regards,
Gary

By: Network Security Blog

Network Security Blog — Thu, 11 Jan 2007 15:29:54 +0000

Can security education be a liability?

By: The Security Catalyst » Blog Archive » Back from Paradise and Into the Groove, did you read this posting?

Thu, 11 Jan 2007 12:31:11 +0000

[...] Fellow Trusted Catalyst, Cutway, recently posted about an experience he had at work. I was chatting with him online when it happened, and got the chance to read his writeup the other day. I think you should read it, and you can find it here: Is Your Security Training a Liability? [...]

By: An Information Security Place » Blog Archive » A damn good security ranting post

Fri, 05 Jan 2007 19:26:02 +0000

[...] Go read this over at Security Ripcord. You won’t be sorry (thanks to Martin for pointing it out to me). [...]

By: shrdlu

shrdlu — Fri, 05 Jan 2007 17:32:31 +0000

Cutaway, you’re not alone, believe me. I’m just north of you, and I think my troublesome colleagues probably came from south Texas too.

You just have to ignore the “whudda we need security for?” people and keep pushing for awareness. We offer classes on securing home computers, setting up wireless, and preventing identity theft, and our users are VERY grateful. Liability isn’t a concern for us, mainly because we make it clear that we’re just passing on material published elsewhere (we point them to .gov sites, for example).

My response to my own troublemakers (not directly to them, but to someone who reported it) was, “They don’t have to like it or believe in it. They just have to do it.” At the end of the day, when security is your responsibility, you don’t have to try to get consensus.

Keep fighting the good fight!