Comments on: Participatory Security

By: Iang

Iang — Thu, 09 Nov 2006 17:01:43 +0000

LOL, talk about hubris … there is also 3) that maybe the users are right, and the security people don’t know what they are talking about. This happens more commonly than we care to believe.

By: Cutaway

Cutaway — Wed, 08 Nov 2006 00:00:59 +0000

Sir,
Thank you for commenting on my post. I like how you have applied my words into other important, related aspects. I too am concerned about privacy (funny how many security professionals are these days) and I am also glad to see you are asking people to make a political stand. I hope that people take this to heart. Might I suggest that people also try to make a change by participating in their party’s local primaries. This will help get people who care about these issues on the ballots.
Go forth and do good things,
Cutaway

By: David Brodbeck

David Brodbeck — Mon, 06 Nov 2006 15:22:30 +0000

I’ve often remarked that, as an IT worker, the other employees of the company are my “customers.” I have to remind myself frequently to treat them that way.

By: Brad Lhotsky

Brad Lhotsky — Mon, 06 Nov 2006 10:51:45 +0000

I wrote about this a while ago on my blog:
http://divisionbyzero.net/blog/2006/07/12/trust/
Another problem is the people making the security policy tend to grant themselves exceptions to those policies. Here at my organization, all IT has the same security restrictions on their workstations as the rest of the crowd. It’s incredibly useful to get in the trenches with the users and actually learn how the computer can help them do their job.
Also, as working from home becomes more common, security professionals are going to need to learn to teach security principles to their users in interesting ways. Users generally don’t want to be insecure, but there’s a perception of security as inconvenience.
I’d appreciate some feedback on the articles I’ve written on these topics if someone’s got a few minutes.