Wow, you had time to read it?


On Aug 15, 2011, at 10:30 AM, Carol Caldwell-Edmonds wrote:

> regarding the PS Ben sent:
> 
> from that paper:
> CONCLUSIONS AND A WAY FORWARD
> We have looked in detail at a snapshot of events for a
> sample of password users; but every minute taken in
> unnecessary password use needs to be multiplied by orders
> of magnitude to account for all the password uses even
> within one organisation. This is the true cost of unusable
> password policies. Against the world-view that “if only
> [users] understood the dangers, they would behave
> differently” [12], we argue that “if only security managers
> understood the true costs for users and the organisation,
> they would set policies differently”. We conclude with
> some suggestions for how this might be achieved.
> Towards Holistic Password Policies
> The vision of a holistic approach for security policies is not
> new; Sasse et al. [16] outlined what such a policy should
> contain. In moving to a holistic approach, there is no single
> ideal policy, as the ongoing debate about writing passwords
> down [12, 17] indicate.
> Focussing on frequency of password changing, or password
> strength, without considering the user in their context of
> work, is clearly not holistic...
> 
> So, there's the research, and if we take a data-informed-decision-making process seriously, then the role of client services in IT changes from being merely the fire rescue team, into the far more professional role of intermediary/translator/data collector between the two groups in the conclusion: the system administrators, and the users. 
> 
> Oh, sorry, I'm awake again...it was a nice dream, anyway. Back to the fire station.
> 
> 
> Carol Caldwell-Edmonds, IT Professional Senior
> Enterprise Technology Services: Client Services 
> Helpline and Computer Depot Clinic Coordinator
> University of Vermont
> <Carol.gif>
> never take yourself TOO seriously...
> artwork by Shannon Edmonds
> 
> On 8/15/2011 10:14 AM, Benjamin Coddington wrote:
>> 
>> For the record, I think Scott Adams is the /real/ prophet:
>> 
>> http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/000000/00000/1000/700/1782/1782.strip.gif
>> 
>> Ben
>> 
>> PS 
>> Here's a source study for True Cost:
>> 
>> http://www.cl.cam.ac.uk/~rja14/shb10/
>> http://www.cl.cam.ac.uk/~rja14/shb10/angela2.pdf
>> 
>> On Aug 15, 2011, at 9:56 AM, Andrew Hendrickson wrote:
>> 
>>> Unless the math is faulty, this comic, sent to me by an unnamed colleague, makes an interesting point regarding passwords:
>>> 
>>> http://www.xkcd.com/936/
>>> 
>>> Discuss amongst yourselves, I'll get coffee . . .
>>> 
>>> Andrew Hendrickson
>>> CAS, IT Administrator
>>> UVM, College of Arts & Sciences
>>> 438 College Street #402
>>> Burlington, VT
>>> 05405
>>> 
>>> 802-656-7971
>>> 802-656-4529 (fax)
>>> 
>>> To submit a request for service please use:
>>> http://footprints.uvm.edu/ashelp.html

Andrew Hendrickson
CAS, IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
Burlington, VT
05405

802-656-7971
802-656-4529 (fax)

To submit a request for service please use:
http://footprints.uvm.edu/ashelp.html