Security threats Toolkit
Story: Four deadly security sins
The zeroth deadly sin?
The biggest (and implied) "sin" is PEOPLE! Without people using the networks, sending and receiving emails and forgetting their passwords, the risks would be minimal. Meanwhile, back in the real world...
One comment I would make is that people tend to remain ignorant of the risks, no matter how strongly they are spelled out. It is almost a "head in the sand" problem for system administrators. Whilst the risks are great, on an individual basis, they appear low. If security is tightened up, users tend to react vocally and negatively. Security is seen as being at odds with getting their jobs done.
Full Talkback thread








