Friday, April 16, 2010

Rejection of security advice is entirely rational! (not my words)

OK, so here I am trying to educate students (and Internet users) on the need for better security practices, and then I see a paper that argues that "rejection of security advice is entirely rational". Hmm, this should be an interesting read. The paper is available on Cormac Herley's site:

So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users
published at NSPW 2009.

I haven't read the paper carefully as yet, but in general I do agree (with some reservations) with the author, unless you are the victim, of course! IT security these days is hard, especially since the number of users and the usage patterns are growing every day, which is probably one reason (among several others) that the cost-benefit ratio is poor when it comes to security advice. Until I read this article, I used to think security advice and awareness was a 2-wall problem.

wall 1: I don't know why this is a security problem.
wall 2: Ah, I know what the security problem is, but I don't know how to solve it.

Are we breaking these walls down now?