https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29115#M3579 <P>&nbsp;</P><P>&nbsp;</P><P><A href="https://edition.cnn.com/2019/10/18/tech/reporter-hack/index.html" target="_blank" rel="noopener">This CNN article</A> talks about one of their reporters being hacked --- at his request --- &amp; shows how hackers can exploit service providers &amp; use information you share to get to you.</P><P>&nbsp;</P><P>Which brings me to the subject of the post --- whose responsibility is security?</P><P>&nbsp;</P><P>As a service user, should my service provider take a hit, I'd be affected as well.</P><P>&nbsp;</P><P>Be it information / identity theft, service unavailability, fraud, etc., if I'm going to be impacted, I would want to ensure my security.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>P.S. There's really nothing new here, so this board may not be the place for my post; <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/851207865">@Kaity</a>, please move it as needed.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 20 Oct 2019 06:44:35 GMT Shannon 2019-10-20T06:44:35Z https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29115#M3579 <P>&nbsp;</P><P>&nbsp;</P><P><A href="https://edition.cnn.com/2019/10/18/tech/reporter-hack/index.html" target="_blank" rel="noopener">This CNN article</A> talks about one of their reporters being hacked --- at his request --- &amp; shows how hackers can exploit service providers &amp; use information you share to get to you.</P><P>&nbsp;</P><P>Which brings me to the subject of the post --- whose responsibility is security?</P><P>&nbsp;</P><P>As a service user, should my service provider take a hit, I'd be affected as well.</P><P>&nbsp;</P><P>Be it information / identity theft, service unavailability, fraud, etc., if I'm going to be impacted, I would want to ensure my security.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>P.S. There's really nothing new here, so this board may not be the place for my post; <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/851207865">@Kaity</a>, please move it as needed.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 20 Oct 2019 06:44:35 GMT https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29115#M3579 Shannon 2019-10-20T06:44:35Z https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29313#M3608 <P>It doesn't help if one doesn't know how the tech works.&nbsp; Today, I stupidly clicked "allow" on a website that, like thousands of other sites before it, asked me to&nbsp;<EM>allow</EM> or <EM>block</EM> notifications.&nbsp; I don't even know if that's a cookie that should be dismantled, or an ad-based third-party system which will follow me to the end of my earth.</P><P>&nbsp;</P><P>Anyway, I clicked it.&nbsp; I should soon reload my PC in paranoiac fashion.<BR /><BR />We've legislated other societal situations in the past, which the average citizen might not properly understand.&nbsp; RICO laws, fraud laws, hell... think about how nebulous, yet all-encompassing "conspiracy" as a crime is, but thank goodness for the "There Oughta Be A Law" people who want to prevent a crime.</P><P>&nbsp;</P><P>Since technology will always outpace legislation, we should remain grateful for the idiot reporter that permits a charismatic person to uckfay his ife-lay for a story.&nbsp; We can read first-hand about what social engineering is, and hopefully apply enough sense to not respond to the survey at the bottom of the story.</P> Sun, 27 Oct 2019 16:39:06 GMT https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29313#M3608 ericgeater 2019-10-27T16:39:06Z https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29321#M3610 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>&nbsp;wrote:<BR /><P>It doesn't help if one doesn't know how the tech works.</P><HR /></BLOCKQUOTE><P>&nbsp;</P><P>That's true,&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>, but I'd say that while knowledge / awareness are essential, attitude is what really makes a difference.</P><P>&nbsp;</P><P>&nbsp;</P><P>Some of the common mindsets that can be real hurdles when it comes to IT Security are: -</P><P>&nbsp;</P><UL><LI>'<EM>Honestly, I don't care.</EM>'</LI><LI>'<EM>That's not likely to happen to me.</EM>'</LI><LI><EM>'This is really a waste of time!'</EM></LI><LI><EM>'This isn't worth the effort &amp; money."</EM></LI><LI>'<EM>I'm too old for this!</EM>' *</LI></UL><P>&nbsp;</P><P>* That came from my father when I was helping him with his Gmail account's security settings&nbsp;<img id="manwink" class="emoticon emoticon-manwink" src="https://community.isc2.org/i/smilies/16x16_man-wink.png" alt="Man Wink" title="Man Wink" /></P><P>&nbsp;</P><P>If someone with an attitude like that lacks sufficient knowledge / awareness, he's not likely to want to improve it; if he already possesses ample knowledge / awareness, he won't be keen on making the best of it.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 27 Oct 2019 22:54:43 GMT https://community.isc2.org/t5/Industry-News/Whose-responsibility-is-security/m-p/29321#M3610 Shannon 2019-10-27T22:54:43Z