Abstract

Paper Title: People Patching: Is User Education Any Use at All?

Author(s):
David Harley (USA), ESET LLC.
Randy Abrams (USA), ESET LLC.

Time: 12 December, Friday, 16:10 - 16:50.

In general, the anti-malware community splits dramatically into two camps when it comes to the evergreen debate about the effectiveness of user education and security awareness as a protective measure. One camp argues that "if education was of any use, it would have worked by now"; the other, that "education is key" and "you can't fix social problems with technological solutions".

Is the answer out there in No Man's Land? We don't believe that there is a 100% solution that will "fix" internet lawlessness, let alone human nature (if there is, it probably isn't education). We do, however, believe, based on our own observations and experience with very large user populations, that properly targeted and implemented education and training, supplemented by other non-technological approaches such as sound policy enforcement, can play a vital part in a multi-layered defensive strategy.

In this paper we will therefore consider (1) the arguments for and against devoting resources to education, training and security awareness; (2) approaches to integrating social, less-technological approaches to security into a formal defensive framework; and (3) user-friendly approaches to teaching computer hygiene to audiences with very mixed experience and technical knowledge.

While we will, mindful of our own experience and the focus of the conference, be addressing the role of education in malware management in particular, we believe the general principles we'll be discussing are applicable across the whole range of computer security.