Posted by: Craig
Security is a state of mind - 12/15/05 06:51 PM
Great article/blog posting from:
http://www.computerworld.com/blogs/node/1437?NLT_SEC_B
By Martin MC Brown
Dec 15 2005 - 6:59am
The meaty bit reads as follows:
***
...security is more just a process: it's a state of mind.
It's not just about constantly being vigilant, it's about never trusting anything, no matter what application, or environment you are in. That goes way beyond computing into other areas as well, because today you never know when that piece of information about you will wind up being used in a computing environment. Your card may be skimmed at a checkout and then used online; giving out your DOB to anybody but those that really need it is daft. Answering the phone and giving security details is equally silly - the information you just provided over the phone could be used to login to your bank account online.
Browsing the Internet *is* a time to be vigilant, but you shouldn't be any more or less vigilant than when doing anything else. People switch in and out of security mode too often when they browse sites because they think different sites are 'safe' to use.
Similarly, some people fail to notice a change in the behaviour of their machine - engineers will tell you that they can spot a problem with some machinery just by detecting a minor change in the sound it makes (and I'll admit I've done the same with hardware) - but for some reason users and administrators alike are willing to accept a change in behaviour of their machine just because it's what they expect when software is installed or they visit a different web site.
Change your state of mind - treating everything out of the norm as suspicious - and you are much more likely to pick up oddities in all sorts of situations before they become real problems.
***
I couldn't agree more.
-- Craig
http://www.computerworld.com/blogs/node/1437?NLT_SEC_B
By Martin MC Brown
Dec 15 2005 - 6:59am
The meaty bit reads as follows:
***
...security is more just a process: it's a state of mind.
It's not just about constantly being vigilant, it's about never trusting anything, no matter what application, or environment you are in. That goes way beyond computing into other areas as well, because today you never know when that piece of information about you will wind up being used in a computing environment. Your card may be skimmed at a checkout and then used online; giving out your DOB to anybody but those that really need it is daft. Answering the phone and giving security details is equally silly - the information you just provided over the phone could be used to login to your bank account online.
Browsing the Internet *is* a time to be vigilant, but you shouldn't be any more or less vigilant than when doing anything else. People switch in and out of security mode too often when they browse sites because they think different sites are 'safe' to use.
Similarly, some people fail to notice a change in the behaviour of their machine - engineers will tell you that they can spot a problem with some machinery just by detecting a minor change in the sound it makes (and I'll admit I've done the same with hardware) - but for some reason users and administrators alike are willing to accept a change in behaviour of their machine just because it's what they expect when software is installed or they visit a different web site.
Change your state of mind - treating everything out of the norm as suspicious - and you are much more likely to pick up oddities in all sorts of situations before they become real problems.
***
I couldn't agree more.
-- Craig