AVAR Conference Paper 2008

In 2008, Randy Abrams and I wrote a paper for the AVAR conference in Delhi on People Patching: Is User Education Any Use at All? The paper is available from the ESET WeLiveSecurity site here.

And here’s the abstract:

In general, the anti-malware community splits dramatically into two camps when it comes to the evergreen debate about the effectiveness of user education and security awareness asa protective measure. One camp argues that “if education was of any use, it would have worked by now”: the other, that “education is key” and “you can’t fix social problems with technological solutions”.

Is the answer out there in No Man’s Land? We don’t believe that there is a 100% solution that will “fix” internet lawlessness, let alone human nature (if there is, it probably isn’t education). We do, however, believe, based on our own observations and experience with very large user populations, that properly targeted and implemented education and training, supplemented by other non-technological approaches such as sound policy enforcement, can play a vital part in a multi-layered defensive strategy.

In this paper we will therefore consider (1) the arguments for and against devoting resources to education, training and security awareness (2) approaches to integrating social, less-technological approaches to security into a formal defensive framework (3) user-friendly approaches to teaching computer hygiene to audiences with very mixed experience and technical knowledge.

While we will, mindful of our own experience and the focus of the conference, be addressing the role of education in malware management in particular, we believe the general principles we’ll be discussing are applicable across the whole range of computer security.

Small Blue-Green World
ESET Senior Research Fellow

About David Harley

Musician/singer/songwriter; independent author/editor
This entry was posted in AVAR, conference papers, David Harley. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.