Ride the Lightning

We Need to Fix Security and Stop Blaming Users

October 17, 2016

After taking a week off to recover from a hip replacement – and learning that my doctor was right when he said I would need two weeks – RTL is back though a chastened patient remains at home.

It is with delight that I share an excellent article from my friend Dave Ries, written by the very blunt cybersecurity guru Bruce Schneier. He maintains, correctly I think, that we need to stop blaming the user for not being sufficiently educated about security. No wonder NIST and others have found "security fatigue" among users. So many things we want them to know and remember when simply need answers or want to get a task done!

Bruce points out that the interminable warnings users see have an inevitable consequence: As he says, they don't see "the certificate has expired; are you sure you want to go to this webpage? They see, "I'm an annoying message preventing you from reading a webpage. Click here to get rid of me."

How many times have we all done that?

We need to stop blaming users and making computing more secure no matter what the user does. Automatic updates and running programs in sandboxes are perfect examples – we need more of them.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson