About the
(ISC)² Blog

  • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

    (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

    The postings on this site are the author's own and don't necessarily represent
    (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

    Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

    Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

    Please click here for FAQs.

    Please click here for the Blog guidelines.

« FedRAMP: A progress report from a 3PAO | Main | There’s Testing, Then There’s VirusTotal »

30 November 2012

Comments

Great point.
I do believe you are right but still ... how do we make the user accountable ?
Maybe regulations and laws can help (and should help) but we are speaking about changing the user "culture".

Hi David,

You´re right. Change the user culture isn´t a easy task. Far from it...
But I believe that this cultural change must come, and for some people it´ll come naturally through specific awareness training. For others it´ll come by need.
Knowing that they´re accountable for their actions will make them more responsible too.

It is not just the lack of training, because I saw many of the security team effort between users by word of mouth. In order for them to understand the risks.

Do you generally take into account optimizing the content for search systems?

The comments to this entry are closed.

Recent Contributors

Past Contributors