Rob VandenBrink has written a piece on the SANS web site Diary (“The Many Paths to Security Awareness”) with an interesting take on the very large topic of computer security awareness.
“Security Awareness does not mean the same thing to everyone in a company,” sums up his point.
“From a Security Awareness perspective the blanket term ‘end user’ grows to encompass many audiences – not only folks with basic desks and phones, but developers, senior managers, salespeople, engineers, health-care professionals, all kinds of people with different concerns, different goals, and a different set of reasons/excuses for exceptions to one thing or another,” he wrote.
Rob’s piece also offers a link to a survey that’s trying to find out what phase of security people from various “audiences” are trying to bolster.
There often is a feeling among technical people that user education is pointless because “they never get it.” It’s hard to argue with that dismal assessment in the face of the fact that possibly more than a fourth of those connected to the Internet have no functional security on their machines (Netherlands-based SurfRight December survey ). The success of every form of social engineering and spam advertising also speak pretty badly about the level of “clue” on the Internet.
But, cursing the darkness never works and lighting a few candles might help a lot of people. Every day there are tens of thousands of new Internet users going on line for the first time. They need to learn about the threats out there and precautions they can take. Rob seems to be investigating the possibility that people on every level of every type of organization are contributing to that effort.
On the Sunbelt Blog we’re aware of those “audiences” as we try to present stories of all levels to our readers, from the very specific descriptions of rogues and all the malicious stuff that Chris Boyd finds in the gamers’ world to summaries of BIG new stories of the day, such as Google and its wrestling match with the censorship issues of the government of the Peoples’ Republic of China.
Always in the backs of our minds are the less technical “home users.” We realize that isn’t a really precise term, but everybody seems to have a mother, aunt, uncle or child that IS one. For them we also write a daily summary http://www.sunbeltsecurity.com/ThreatLevel.aspx that tries to describe the latest threats.
So, good job Rob. We’ll look for the results of the survey.
Tom Kelchner