Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Chapter 8: Education in Education > Frequently Asked Questions - Pg. 345

Education in Education · Chapter 8 345 Frequently Asked Questions Q: Isn't training part of education? A: Of course. And while quasi-Victorian rote learning is out of fashion with educationalists and legislators in the UK and elsewhere at the moment, there has to be an element of mechanical drilling and memorization in many areas, as a means of teaching the basic skills that are the foundation for better understanding. Military organizations often understand this very well, expending considerable resources on teaching members on how to decide when reflexive obedience should give way to initiative and individual responsibility. Q: Why hasn't user education worked better in security, then? A: User education is a bit like socialism: we don't exactly know if it works, because no one's ever done it properly. For some people, fairly basic training works very well. After all, much security is just common sense dressed up with jargon. It's quite possible that many more people would benefit just as well, if the training they received was better resourced and/or better targeted. It's even possible that if people were better educated in the areas of ethics and social responsibility, that the online world would be a lot less like the Wild West. Q: What are the essential components of a security policy? A: We'll talk about that more in the governance chapter. However, commonly used definitions suggest that it should be a brief and high-level document that includes mission statement, goals, and objectives. It should be supported by standards, guidelines, baselines, and procedures. Q: How do policies and standards fit in with training and education? A: It makes sense for policies and related documentation to be part of the core training material. However, education, technological solutions, and policy are complementary components of a multi-layered strategy, not "Either...Or" alternatives. Q: Shouldn't users be punished for infringing security rules? A: By all means, if it's deliberate. But it makes sense not to discourage people from reporting problems, especially if they think they may have made a mistake. Q: What are the advantages of registering as a WARP? A: Initially, you benefit from the documented experience of previously registered organizations, and from the Filtered Warning Application made exclusively available www.syngress.com