At my “real job”, I’m constantly getting pushback from users, ops people (netadmins, sysadmins, etc.) and developers about security. For example:
- “This isn’t the pentagon”
- “We can’t do our work”
- “But it’s encrypted and the key is only by two different people”
- “You say it’s a security issue, but we haven’t been hacked so far, so how much of a risk can it be?”
At first glance, these statements seem valid and reasonable (especially when they’re presented to upper management).
When management comes to you with these statements, there need to be simple, concise answers (maybe two, for both technical and non-technical users).
How many of you have received these arguments from users?
What other arguments have you received?
How have you responded? (especially if you “won” the argument and convinced the user and manager)
We’ll collect the responses and summarize. Email us at firstname.lastname@example.org (remove numbers)