IT Departments Are A Security Risk

stlhawkeye writes "An article at Information Week asks the question - is your IT department a security risk? The thesis of the article is that rank-and-file employees will tend to engage in dangerous/insecure/irresponsible computing and internet behavior if they know that there's an IT department to clean up the mess. 'That confidence,' says the article,'leads workers to do risky, even stupid, things at work, such as opening questionable e-mail messages or clicking on unknown Web site links.' Employee education and training doesn't help, either: '[S]ome workers slough off responsibility for even knowing about threats. Workers in larger companies don't worry about being educated. Big company employees just don't see security as their responsibility.'"

This wouldn't explain ...

[subsoniq]

Why Home users get into so much trouble. I don't think it's because they feel they can ignore security due to the existance of an IT department to clean up their mess, I feel it's because they try to think of this technology like any other technology, a blackbox that you push a few buttons and turn a few dials, something that is completely harmless.

Our company has consequences for stupid user action, up to and including employment termination, so uers are "motivated" to learn the dangers that might confront them and how to avoid them.

Re:Different Interpretation

[NDPTAL85]

Wow. With your comment you sum up the real problem with IT depts. You assume you are even on the same level of importance with those you serve, let alone superior.

You are not there to "grant" the privledge of computing. You are there to "support" it. The people who do the actual work of the company are the ones who bring the money in. So if they want to open risky attachments, then fine. Harden your network to brace for that and be done with the issue.