Security Journal: Blog Feed Post

Self Serve Security

The human element has always played a role in security, cyber or otherwise

Education of users has become a hot topic of late.

The final keynote at the recent RSA Conference was all about using education to combat cybercrime.

This article has statistics showing that, when Small and Mid-Market companies were asked, ‘what would help improve the level of security at their companies,’ 75% (48% for employees & another 25% for senior management) said Security Awareness.

And the recent issue of SC Magazine featured an article in which Dan Beard, the Chief Administration Officer for the House of Representatives, says that organizations must educate end users and that end user education is the weakest link in cyber security. In that same article, Stephen Scharf, CISO at Experian, explains:

“The human element is the largest security risk in any organization,”…“Most security incidents are the result of human errors and human ignorance and not malicious intent. Therefore, it is critical that significant effort is focused on education and awareness to reduce these occurrences.”

The human element has always played a role in security, cyber or otherwise. Growing up in Rhode Island, we used to always leave the keys in the ignition of the vehicles parked in our driveway. We felt safe where we lived – and granted, we lived in a rural area, so the main crimes committed were things like stealing eggs from Carpenter’s Farm. Certainly, there are still plenty of areas and towns that have that type of cocoon. As I went off to college in Milwaukee, I had to remind myself early on – ‘you’re not in Wakefield anymore,’ since I’d instinctively leave my wallet crammed in the sun visor of my Rabbit Diesel. I had to change my behavior when I moved from a small rural area to a larger city. Internet users must do the same, but we are creatures of habit. Similar to leaving a wallet in the car, since that’s what I did most of my driving life up to that point, many internet users still behave as if it’s 1995 and they are still on Prodigy. The threats are different and more severe, but behavior is the same. Times change but sometimes people don’t, won’t or can’t.

As all those articles point out, End User Education is vitally important to any organization and should be a key part of the overall IT security strategy. Users knowing what to do and what not to do when something seems fishy is an important part of your defense – especially when it’s something your firewalls, WAFs, IDS/IPS and other perimeter mechanisms might have missed. Education needs to be ongoing, however, and not a one-shot deal since, according to Dr. Maxwell Maltz, it takes 21 days to make or break a habit. This has since been deemed a myth and everyone is different, but it does bring up a good point. Security education, training and knowledge is not an overnight cram session – any security professional will attest to that. A single afternoon meeting going over ‘corporate policies for end users’ regarding information security will not help those who already have bad habits. It needs to be ongoing, consistent and relevant to their daily lives, including the serious consequences of poor behavior. Help users understand the risks/threats, break the bad habits that might lead to exposure and secure your infrastructure in a way that no piece of hardware/software can. Help users help themselves.

While not directly security related, F5 recently started offering Free Web Based Training for our end users.  IT admins are end users too, ya know.  F5 Networks Web-Based Training (WBT) courses introduce you to basic technology concepts related to F5 technology, recent changes to F5 products and basic configurations for BIG-IP Local Traffic Manager (LTM).   These are self-paced and you can access them at any time and as many times as you like.  The cool thing is if you complete all of the lectures and labs for the LTM Essentials WBT, you have met the prerequisite requirements for the Advanced Topics, Troubleshooting, and iRules classes.

ps

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With his Telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.