As someone who's done information security work in academia, government, and different sizes of corporations, the most important thing I've learned is this: Throw everything you've got at it. The professional term for this is "defense in depth."

Security awareness training is one of the most valuable tools available for securing facilities. It is would be an ethical violation for a security professional not to push for it. It's a tool that works. Use it.

Two of the most intractable problems with security in any large organization are lack of resources and counterproductive user behavior. A "computer user good behavior" class would address the latter while leveraging standard academic resources to reduce the impact of the former. It's a brilliant win-win idea.

You don't like the idea of taking a class taught by someone who knows less than you do on the topic? Fine! Get on the academic committee and make sure that there is an opportunity to test out of the class. Better yet, get a job teaching it yourself, so you can make sure that it's done properly. Flaming about it won't get you anywhere.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/267/28560#28560