Educating Users

Karen A Swanberg swanberg at tc.umn.edu
Tue Aug 7 15:57:49 GMT 2001


In the various Code Red threads, many things have been said about LARTS,
educating users, using AUP's to enforce the installation of servers, and
many other ideas.

My question is, how? In Detail?

I've asked about user education at SANS, at local sysadmin meetings, and
at the local security meetings (all of which I respect greatly) and
whenever I do I am met with blank looks and stuttering, or silence.

We as computer specialists use Luser all of the time. How do we change
that to, say, responsible user? I agree with Paul Schmehl's response in
"Re: [unisog] Security patches" but how do we implement it?

We, as IT/system/network/security admins, are building methods to patch,
to disseminate the knowledge among us about bugs, worms, viruses, cracking
tools, ways to secure sytems, and we're getting security certifications,
but there is very little out there on how, in detail, to education the
user or foil the social engineering.

Perhaps I, as a nontraditional computer geek, am not scary enough to get
the point across.  But having a patented "look of death" to scare users
into responsiblity don't work for everyone.

AUPS are necessary of course, but everyone just signs it without reading,
and don't believe there are legal teeth behind it. And in an open
university setting, frankly, I doubt it too.

Are there resources out there about this that I have not yet come across? 

-                                                                  -
    Karen Swanberg | Sys Admin | Dept. of Geology and Geophysics    
206 Pillsbury Hall | 310 Pillsbury Ave. SE | University of Minnesota
     Minneapolis, MN 55455  (612) 624-6541  (612) 625-3819 (f)

              * <---- Tribble   . <--- Tribble.tgz



More information about the unisog mailing list