Security Awareness and Training

Posted April 19th, 2007 by

I’m doing Security Awareness and Training.  This is aimed at the average user, so for me to be taking it, it’s like a Navy destroyer taking on a zodiac.

I’m not going to name the organization that this training was for, because they probably don’t want the rest of the world to know.  There’s a reason for this:  the training sucked.

It was 2 people talking behind a podium without any good presentation skills.  Even for security content, which is slow sometimes, this was a new low.  The sad part is that it was some really smart people trying to teach their audience too much and in such a disorganized fashion that they ended up confusing most of them.

Mike’s version of what Security Awareness and Training should be for the average user:

  • You have no privacy on our network or computers
  • Doing this list of things will get you sent to a federal prison
  • Doing this list of things will get you fired
  • If you suspect something is strange, call the help desk
  • If you have any security-specific questions, here is how you can reach me to ask
  • Don’t do anything that seems stupid at the time.  If you have to ask if it’s OK to do, then the answer is probably “no”.
  • Have a nice day

Notice I don’t believe in trying to educate users on what a firewall is, the basics of CIA, none of that.  They won’t remember it, just like I try to forget everything I know about asset depreciation and the other fine points of counting beans.



Posted in Rants, What Doesn't Work

One Response

  1.  The Guerilla CISO » Blog Archive » Do You Know What FISMA Is? Says:

    […] it comes to the topic of government workers knowing about FISMA, I’ve already said my piece: unless you’re working in security, senior management, or IT, you don’t need to know […]
