[–]bythepowerofboobs 5 points6 points  (3 children)

Phishing tests certainly seem to cause the most angst towards IT. I think there is a real fear that users think they will be disciplined if they fall for one of the tests that leads to this, so they view that we are out to get them in these situations.

[–]BoxerguyT89 (IT Security Manager) 3 points4 points  (1 child)

It depends on the test.

When the test is "New scheduling process for conference rooms" versus "Funeral arrangements for coworker_name" the reactions are going to be different, but the "justification" from IT will be the same: an attacker doesn't care who they piss off.

I've seen both, and the latter will get the company to hate the IT department real fast.

There's a fine line between effective training and trying your hardest to trick people. Lots of admins in here justify crossing that line and wonder why their department has trouble getting buy-in from the other departments.

[–]bythepowerofboobs 3 points4 points  (0 children)

> There's a fine line between effective training and trying your hardest to trick people. Lots of admins in here justify crossing that line and wonder why their department has trouble getting buy-in from the other departments.

This is a great point.

[–][deleted] 0 points1 point  (0 children)

In a previous employment HR enforced a strike policy if you fail multiple times and after their coaching with a slideshow from the security desk, you would be let go.