Have you, a security professional, ever willingly circumvented a security measure?
| Answer | Share |
|---|---|
| Surfed to a blocked site, bypassing a content filter | 22% |
| Violated whatever physical security measure | 18% |
| Used a web-based email against the policy | 16% |
| Sent a document to home address against the policy | 16% |
| Used IM or IRC against the policy | 14% |
| Other - please comment on the blog | 7% |
| I NEVER did anything of that sort | 3% |
So, what is there to conclude? Security people are people too. And, as I said in the past, security issues are here not because of a bad TCP/IP stack or buggy Windows; they are here because people are, well, people.
Think about it (but not for too long - your head might spin ... :-)): if you need to do your job (i.e. security) and a security measure (which you might or might not think of as "stupid" beforehand) stands between you and you doing your job, would you break it? I suspect that my little unscientific survey answers it: "hell yeah!" :-)
Now, can you blame your users for doing the same? I dunno :-)