As I got into my car, I realized that a few years ago when a car alarmwent off, everyone stopped to look. Now, everyone continues on with theirbusiness.
And I wonder how effective the car alarm is.
The same reaction has occurred with many security threats. For example,viruses and worms are no longer encountered with horror. When they firststarted to attack our systems and networks, people panicked at the verythought of them. The first worm made headlines in our daily newspapers,as well as on the evening news. Today, they have become so commonplacethat only security types really worry -- and even then we rely on oursoftware and hardware to 'catch' them.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i Is this bad?
Complacency can be detrimental to a security program. As people becomelax with their security responsibilities, the risk for security breachesbecomes higher. It's a direct trade off.
However, getting people to remember their security responsibilities canbe a challenge.
One way to do just that is to conduct annual training. The federalgovernment already has this requirement. Annual training should cover thefollowing areas -- at a minimum:
Another area of enhancing security is to implement and enforce thesecurity policy for the network/system. If people understand the policy,and know that to break the policy will result in punishment, then theywill be more likely to uphold the security policy.
Strong management is necessary to make a security policy work.