|
-
Yeah, that's a problem everywhere. Perhaps the money would be better spent on training employees about security measures.
But that's a good argument for restricting privileges to the minimum that the user needs. So this would be a case where roles and privileges should be carefully planned. That way, this careless user's password being compromised doesn't compromise the whole enterprise.
Human error is still the biggest security risk, in my opinion, and so unless you can get rid of those 'careless' folks from your environment, it's up to people in the IS&T department to train users.
The problem I see is that users want to have the same userid and password for multiple systems, and that's understandable, but that adds to the risk. You can't please them all.
maachan
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote