
Security Solutions: Defense in Depth

By discussion
Users are generally acknowledged as the weak link in network security. In this week's Security Solutions TechMail column, Mike Mullins describes the first pillar of the Defense in Depth strategy: people. What have you done in your organization to safeguard against user-induced security breaches? Do your safeguards stem from the Defense in Depth concept?

If you're interested in the Security Solutions TechMail, but would like to learn more about it before signing up, point to this link and then click Security Solutions to see a sample:

This conversation is currently closed to new comments.

All Comments

Controls & monitoring

by bozp In reply to Security Solutions: Defen ...

The human factor, of course, is very important. Training, controls and monitoring must be in place.

User Training

by pickbr In reply to Security Solutions: Defen ...

When I started working for my current employer, I decided that user training is absolutely critical for data, system & network security. We conducted a 1-hour mandatory security training for the whole company. In preparation for the training, I ran password cracking software (with management knowledge and approval) to gauge how sophisticated my audience would be. From the results, I developed a training module that covered strong password creation, password sharing and social engineering examples. Throughout the past year, we've conducted tests to see if users really got it... the results were extremely positive. We're currently developing another security training session.

I'm in favor of user training

by juhat In reply to User Training

From what I've gathered through reading about security, it doesn't matter how advanced or sophisticated your defense systems are. It always seems to fail at the end user; even if they have minimal rights assignments, they still provide the information/possibility for an intruder to gain control of your system. And it's not their fault, because most systems are built to have total control over their users, and that makes the systems and their users an appealing target. Once someone has gathered information (through social engineering or whatever...), the system starts to get vulnerable, if not wide open for everyone to control.

by Mike Mullins In reply to User Training

That's an excellent approach. Research and target your audience!
