Comments on: Is Information Security Education Failing? http://danielmiessler.com/blog/is-information-security-education-failing grep understanding Sun, 29 Jan 2012 20:44:46 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: DF http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-14915 DF Tue, 19 Dec 2006 18:08:38 +0000 http://dmiessler.com/archives/1041#comment-14915 <p>Agreed, althought I'd also recommend incasing the computer in 6 feet of concrete and burying it in a deep hole. That's my personal definition of guaranteed security.</p> <p>I wonder though if the Professor had included the idea of RISK MANAGEMENT in the course work. Still if it was a bonus question its would be hard to justify failing the course because you messed up the extra credit part. It should be a learning experience for the teacher who should not limit it to extra credit next time. Then the professor would be justified in failing students for getting it wrong.</p> Agreed, althought I’d also recommend incasing the computer in 6 feet of concrete and burying it in a deep hole. That’s my personal definition of guaranteed security.

I wonder though if the Professor had included the idea of RISK MANAGEMENT in the course work. Still if it was a bonus question its would be hard to justify failing the course because you messed up the extra credit part. It should be a learning experience for the teacher who should not limit it to extra credit next time. Then the professor would be justified in failing students for getting it wrong.

]]> By: DF http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-246588 DF Tue, 19 Dec 2006 18:08:00 +0000 http://dmiessler.com/archives/1041#comment-246588 <p>Agreed, althought I'd also recommend incasing the computer in 6 feet of concrete and burying it in a deep hole. That's my personal definition of guaranteed security.</p> <p>I wonder though if the Professor had included the idea of RISK MANAGEMENT in the course work. Still if it was a bonus question its would be hard to justify failing the course because you messed up the extra credit part. It should be a learning experience for the teacher who should not limit it to extra credit next time. Then the professor would be justified in failing students for getting it wrong.</p> Agreed, althought I’d also recommend incasing the computer in 6 feet of concrete and burying it in a deep hole. That’s my personal definition of guaranteed security.

I wonder though if the Professor had included the idea of RISK MANAGEMENT in the course work. Still if it was a bonus question its would be hard to justify failing the course because you messed up the extra credit part. It should be a learning experience for the teacher who should not limit it to extra credit next time. Then the professor would be justified in failing students for getting it wrong.

]]> By: Carl M http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-14904 Carl M Tue, 19 Dec 2006 15:06:09 +0000 http://dmiessler.com/archives/1041#comment-14904 <p>I was going to say basically the same thing. Can you prevent attacks on a computer from the outside? Sure, just don't connect the computer to a network. Similarly, you can prevent attacks from the inside if you don't let anyone anywhere near the computer. But, yeah, as a yes/no question, the better answer is perhaps "no" ... if only because fewer qualifiers are needed with that answer than with "yes".</p> I was going to say basically the same thing. Can you prevent attacks on a computer from the outside? Sure, just don’t connect the computer to a network. Similarly, you can prevent attacks from the inside if you don’t let anyone anywhere near the computer. But, yeah, as a yes/no question, the better answer is perhaps “no” … if only because fewer qualifiers are needed with that answer than with “yes”.

]]> By: Carl M http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-246587 Carl M Tue, 19 Dec 2006 15:06:00 +0000 http://dmiessler.com/archives/1041#comment-246587 <p>I was going to say basically the same thing. Can you prevent attacks on a computer from the outside? Sure, just don't connect the computer to a network. Similarly, you can prevent attacks from the inside if you don't let anyone anywhere near the computer. But, yeah, as a yes/no question, the better answer is perhaps "no" ... if only because fewer qualifiers are needed with that answer than with "yes".</p> I was going to say basically the same thing. Can you prevent attacks on a computer from the outside? Sure, just don’t connect the computer to a network. Similarly, you can prevent attacks from the inside if you don’t let anyone anywhere near the computer. But, yeah, as a yes/no question, the better answer is perhaps “no” … if only because fewer qualifiers are needed with that answer than with “yes”.

]]> By: Stephen Moore http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-14709 Stephen Moore Tue, 19 Dec 2006 05:40:27 +0000 http://dmiessler.com/archives/1041#comment-14709 <p>Not that it matters, but was this posed as a yes / no question? One <em>could</em> have said "yes", providing usability was zero. I think it could have been a good essay question.</p> <p>The professor should have hammered away at the fact that management of risk is never perfect.</p> <p>Great blog, and congrats - she said yes : )</p> <p>-Steve</p> Not that it matters, but was this posed as a yes / no question? One could have said “yes”, providing usability was zero. I think it could have been a good essay question.

The professor should have hammered away at the fact that management of risk is never perfect.

Great blog, and congrats – she said yes : )

-Steve

]]> By: Stephen Moore http://danielmiessler.com/blog/is-information-security-education-failing/comment-page-1#comment-246586 Stephen Moore Tue, 19 Dec 2006 05:40:00 +0000 http://dmiessler.com/archives/1041#comment-246586 <p>Not that it matters, but was this posed as a yes / no question? One <em>could</em> have said "yes", providing usability was zero. I think it could have been a good essay question.</p> <p>The professor should have hammered away at the fact that management of risk is never perfect.</p> <p>Great blog, and congrats - she said yes : )</p> <p>-Steve</p> Not that it matters, but was this posed as a yes / no question? One could have said “yes”, providing usability was zero. I think it could have been a good essay question.

The professor should have hammered away at the fact that management of risk is never perfect.

Great blog, and congrats – she said yes : )

-Steve

]]>