
RE: [Full-Disclosure] Super Worm



sean01@xxxxxxxxxxxxx wrote:
> >On the other hand....without those dimwits I would be out of a job...God
> >bless the dills..
>
> Yeah, but with the problems and the stupidity of end users,
<snip>

> Make a good list which people can check for themselves. A knowledge base
> maybe with good understandable descriptions of threats and info on new
> things which might hit them. If they did not obey the list with checks
> they can be held for ignorant, unhelpful, dumb, or any names you can
> think of (still stay polite). Prioritize those people by filtering who
> is helpful and sticks with the rules, and people who are just simply
> ignorant and not willing to learn from what you tell them. In the end
> it is their own fault and they have to feel how it is to not be
> helped that quick.

Good points.  I have developed just such a list at our organization.  In
addition to quickly responding to these individuals when they need help,  I
take the extra time to educate them in security including conducting
voluntary classes, put them on an email list that I keep updating with the
latest worms and threats and fixes, and even take extra time to do
one-on-one to make them feel part of the team.  I have even dubbed our group
"the white-hats".

In return, they have taken it to heart and have become my unofficial
deputies, keeping their eyes open for security problems from physical (an
unknown person walking around suspiciously or a co-worker pasting their
password on a monitor) to informational (notifying me of a virus getting
through the gateway filter or being able to access something they know they
shouldn't).  I have found that my time spent has paid me back in a user base
(at least part of it) that has become an asset not a liability, as we often
think of them.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html