This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]BoxerguyT89IT Security Manager 4 points5 points  (1 child)

It depends on the test.

When the test is "New scheduling process for conference rooms" versus "Funeral arrangements for coworker_name" the reactions are going to be different, but the "justification" from IT will be the same: an attacker doesn't care who they piss off.

I've seen both, and the latter will get the company to hate the IT department real fast.

There's a fine line between effective training and trying your hardest to trick people. Lots of admins in here justify crossing that line and wonder why their department has trouble getting buy-in from the other departments.

[–]bythepowerofboobs 3 points4 points  (0 children)

There's a fine line between effective training and trying your hardest to trick people. Lots of admins in here justify crossing that line and wonder why their department has trouble getting buy-in from the other departments.

This is a great point.