Traenk loves computers and technologies. He loves to be a Technical Editor for books. But his views towards security seem to be straying from the Technical to the Personal.
I'm checking out ThinApp right now, VMware's neat technology for application virtualization. I like technology. Reading the dozens of Information Security newsletters that I receive, I'm getting leery of the technical overplay in some security initiatives.
Normally, many security people write off 'users' as obstacles to true security. People choose silly passwords and then blithely spell them over the phone to whoever calls, claiming to be the support desk. Certainly, that was true and is still true for some 'users'.
What is stopping your organization from enjoying the support of engaged system users? Why is it that the people in your organization aren't doing by nature what you proclaim during your speeches to IT managers?
Before writing off your coworkers at your organization, consider this. Many have IT infrastructures at home that rival most PC LANs of the late '80s. Several have home businesses and use their PCs as much for business as you once used yours for Descent tournaments. By now, most of them know a person whose financial identity was stolen, and many have had to work through virus attacks.
In short, we Information Security Professionals have a captive audience, if we choose to recognize it.
Is the answer a lecture on protecting the organization's systems, or an offer to provide a question-and-answer session on protecting your tax software as you complete your taxes?
Of course, awareness isn't as dramatic as implementing a new monitoring tool or the latest Security-in-a-Box vendor offering. But it can be more effective and have actual duration.