
Wow, you had time to read it?


On Aug 15, 2011, at 10:30 AM, Carol Caldwell-Edmonds wrote:

regarding the PS Ben sent:

from that paper:
CONCLUSIONS AND A WAY FORWARD
We have looked in detail at a snapshot of events for a
sample of password users; but every minute taken in
unnecessary password use needs to be multiplied by orders
of magnitude to account for all the password uses even
within one organisation. This is the true cost of unusable
password policies. Against the world-view that “if only
[users] understood the dangers, they would behave
differently” [12], we argue that “if only security managers
understood the true costs for users and the organisation,
they would set policies differently”. We conclude with
some suggestions for how this might be achieved.

Towards Holistic Password Policies
The vision of a holistic approach for security policies is not
new; Sasse et al. [16] outlined what such a policy should
contain. In moving to a holistic approach, there is no single
ideal policy, as the ongoing debate about writing passwords
down [12, 17] indicate.
Focussing on frequency of password changing, or password
strength, without considering the user in their context of
work, is clearly not holistic.
..

So, there's the research, and if we take a data-informed-decision-making process seriously, then the role of client services in IT changes from being merely the fire rescue team, into the far more professional role of intermediary/translator/data collector between the two groups in the conclusion: the system administrators, and the users.

Oh, sorry, I'm awake again...it was a nice dream, anyway. Back to the fire station.


Carol Caldwell-Edmonds, IT Professional Senior
Enterprise Technology Services: Client Services
Helpline and Computer Depot Clinic Coordinator
University of Vermont
never take yourself TOO seriously...
artwork by Shannon Edmonds

On 8/15/2011 10:14 AM, Benjamin Coddington wrote:
For the record, I think Scott Adams is the /real/ prophet:

http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/000000/00000/1000/700/1782/1782.strip.gif

Ben

PS 
Here's a source study for True Cost:

http://www.cl.cam.ac.uk/~rja14/shb10/
http://www.cl.cam.ac.uk/~rja14/shb10/angela2.pdf

On Aug 15, 2011, at 9:56 AM, Andrew Hendrickson wrote:

Unless the math is faulty, this comic, sent to me by an unnamed colleague, makes an interesting point regarding passwords:

http://www.xkcd.com/936/

Discuss amongst yourselves, I'll get coffee . . .

Andrew Hendrickson
CAS, IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
Burlington, VT
05405

802-656-7971
802-656-4529 (fax)

To submit a request for service please use:
http://footprints.uvm.edu/ashelp.html
