The paragraph that begins "It is possible to have a very secure business computer on a network..." is the perfect model for how to suck employee morale down to nil. As the sole IT person for a small company, a large part of my job is building and maintaing user trust, so that when I do need to institute a security-related policy, I'm taken seriously.

Policies that make users feel worthless, guilty, or like drones only serve to build resent toward the already ominous and foreboding feel of IT.

Aditionally, to lock to users to the point where they can take no joy from the work is to completely misplace the source of security problems. The market is unfortunately dominated by a company that has repetedly demonstrated that it takes no more than a token interest in security, and in fact actively hinders security by opting for proprietary solutions over standards-compliant ones.

The future of IT security lies in software vendors taking the problem seriously, not in forcing users to hate their jobs.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/372/32758#32758