Steve VanDevender stevev at darkwing.uoregon.edu
Tue Aug 7 18:46:36 GMT 2001

Karen A Swanberg writes:
 > In the various Code Red threads, many things have been said about LARTS,
 > educating users, using AUPs to enforce the installation of servers, and
 > many other ideas.
 > My question is, how? In Detail?
 > I've asked about user education at SANS, at local sysadmin meetings, and
 > at the local security meetings (all of which I respect greatly) and
 > whenever I do I am met with blank looks and stuttering, or silence.

To a great extent this is the result of a popular view of computing that
encourages people to have the attitude that they shouldn't _have_ to be
educated to use computers.  Vendors sell their computers and software as
items that are supposed to be so easy to use that users shouldn't have to
have special training to use them or have to invest any time in
operating and maintaining their products.

On the other hand, most seasoned, competent system administrators are
fully aware of the ongoing investment in education and maintenance
required to keep computer systems going.  So there's a culture clash
between them and the people who think computers should just work without
any effort on their part.

I think a lot of our attempts at educating users will be brushed off by
the users for as long as they have the attitude that they don't need to
be educated about computer use.  One poster just used the analogy that
computers are like cars instead of safes in regard to security; they're
not as useful for what they contain as for what an intruder can do with
them.  People also accept that cars require a certain amount of training
and certification before people are allowed to operate them; if people
had similar expectations of computers, then maybe user education efforts
would be more successful.  Right now people seem to think of computers
as being more like toasters than cars in terms of how they should
interact with them.

