People have a natural intuition about risk, and in many ways it’s very good. It fails at times due to a variety of cognitive biases, but for normal risks that people regularly encounter, it works surprisingly well: often better than we give it credit for. This struck me as I listened to yet another conference presenter complaining about security awareness training. He was talking about the difficulty of getting employees at his company to actually follow his security policies: encrypting data on memory sticks, not sharing passwords, not logging in from untrusted wireless networks. “We have to make people understand the risks,” he said.

It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren’t serious.

Given this accurate risk analysis, any rational employee will regularly circumvent security to get his or her job done. That’s what the company rewards, and that’s what the company actually wants.

Bruce Schneier


the pensieve of benjamin james lowery
