[651] in Intrusion Detection Systems
Re: I'm with Gene
daemon@ATHENA.MIT.EDU (Steve Smith)
Sun Mar 3 11:03:44 1996
Date: Thu, 29 Feb 1996 10:28:22 -0800
From: Steve Smith <sdsmith@televar.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Ira S. Winkler wrote:
>
> I agree with almost everything that was said by Steve Smith, with the exceptio
n
> that I do not think you should stress policies to users. You should stress
> Procedures, and why the procedures are important. All too often I see securit
y
> presented as "It is important to protect information, and if you don't you wil
l
> be fired."
>
> I prefer to see awareness programs say things like check for access badges and
> challenge people that don't belong there, or do not give out your password for
> any reason to anyone. This is as opposed to you are required to wear your bad
ge
> or protecting your password is important.
>
> It is a fine line, but it makes a difference. Awareness briefings and policie
s
> tend to say that protecting information is important, without providing
> practical examples of how to do it.Absolutely Agreed. I feel also that the wa
y you get the point across is
imperitive to system security. If people feel like it will be a
challenge they will try, plain and simple. Procedures, are more
threatning to a potential system intruder.
