Questions tagged [user-education]

Education aimed at helping users meet their security-related responsibilities.

Many systems' security properties only hold when users follow certain rules. User education is aimed at making users aware of these rules. For example,

  • Letting managers know how to delegate enough authority without delegating all or without muddying audit logs by sharing their login credentials.
  • Preventing by letting employees know how to verify that the person on the other end of the phone is an employee with access rights or making it clear that all info requests go through the system.
  • Ensuring strong and making sure employees know not to share them with tech support.
  • etc.
93 questions
18 votes, 2 answers

If you have to write an information security guide for non technical users, what would you cover?

Inspired by a question I saw on Twitter: As the title says, what items would you include? And to what depth? Are there obvious topics everyone should be thinking of, or is it important to advise on areas they may not have considered but can take…
Rory Alsop
16 votes, 5 answers

How can I keep my programmer colleagues informed about security issues?

I am currently finishing a college degree in programming and I find that security topics are often barely understood by both students and teachers. It leads me to think that there are a lot of developers out there with nearly no basic knowledge…
HoLyVieR
10 votes, 3 answers

What are a few good analogies to describe the benefits of a strong security program?

Given communication is king, what are some of the favorite analogies you like to use to describe the benefits of security to organizations needing security but new to security?
Tate Hansen
9 votes, 3 answers

What is the state of Security in Comp Sci Programs

In a previous question (How can I keep my programmer colleagues informed about security issues?) there was a statement: "...and I realise that security topics are often barely known from both the student and the teacher." It made me wonder what is…
Steve
8 votes, 6 answers

Users never remember their passwords or security answers. How can I get them to remember, but follow good security practices?

I work at a library where I teach computer literacy classes, especially for the elderly. Among other things, we have classes where people set up e-mail or other online accounts. For many of them, this is their first exposure to passwords. About once…
Thunderforge
4 votes, 5 answers

What is a good way to demonstrate the insecurity of common bad practices?

A friend of mine teaches a "Basic IT Security" class at a .edu and asked what demonstrations he can do, live, to show why certain practices are bad. Currently, we have cobbled together a Firesheep demo, which is impressive, but it's becoming…
scuzzy-delta
2 votes, 4 answers

Is user-education considered a security measure?

Some people reason that an iOS device is safer from a security context than an Android device, because an iOS device does not simply allow users to install apps from any source other than the App Store while Android has a user configurable setting…
Rolf ツ
1 vote, 0 answers

Can anyone predict the scope of security in the year 2030?

I'm just curious to know the scope of the future security in terms of compliance and cyber security. And also the way of technology growth in terms of speed, authentication and authorization and OS. And the most important thing is how the users are…
user45475
1 vote, 2 answers

Seeking security help as a non-technical manager

A friend in the business sector recently asked me for advice on "IT security in a large charity". Being a developer not specialized in security, I could see his difficulty in finding someone qualified to hire to counsel him. Struggling for answers,…
1 vote, 2 answers

What's a good tool or website to help learning about security?

I recall reading once online about a website that had a name that sounded Japanese (Matsz... something) with security problems for programmers to do and learn about different security issues. Does anyone know what I'm talking about? I can't for the…
Whelchel
0 votes, 1 answer

What are the most tolerable options for a more general public type not to be victimized by malware?

I've talked with a new friend who is fairly bright and who can do some interesting things programming Office applications, but whose technical abilities omit infosec. And he got bitten by nasty malware. I'm wondering what options might be most…
Christos Hayward