As you are hopefully aware, October is the Cyber Security Awareness month. We will focus on one security awareness subject per day. Marc published the agenda at http://isc.sans.org/diary.html?storyid=3429 so let’s start with the first tip.
What are your tips for system administrators and others trying to get the word out to user? How did you get past the “This Does Not Apply To Me” attitude? Submit your ideas and stories here.
You might have heard this from your managers and CEOs multiple times – that they are not the target and that certain vulnerabilities don’t apply to them. An example of security not taking personally hit the news couple of days ago when Francis Ford Coppola’s laptop got stolen (http://www.nydailynews.com/gossip/2007/09/28/2007-09-28_francis_ford_coppolas_laptop_stolen.html). The laptop’s value in the whole story is negligible – the main issue here is that it contained the script for his upcoming movie and that there was no backup (at least it appears like so since Coppola pleaded for the return of the laptop).
Alan M. sent us another real story:
“I was called to help remove a phishing site from an ISP's apache server. It was not an easy offsite fix as the hacker was no script-kiddie and very actively fought from many countries' ips to retain "his" server.
Oct 1st 2007
1 decade ago