Have you, a security professional, ever willingly circumvented a security measure?
Surfed to a blocked site, bypassing a content filter (22%)
Violated whatever physical security measure (18%)
Used a web-based email against the policy (16%)
Sent a document to home address against the policy (16%)
Used IM or IRC against the policy (14%)
Other - please comment on the blog (7%)
I NEVER did anything of that sort (3%)
So, what is there to conclude? Security people are people too. And, as I said in the past, security issues are here not because of a bad TCP/IP stack or buggy Windows; they are here because people are, well, people.
Think about it (but not for too long - your head might spin ... :-)): if you need to do your job (i.e. security) and a security measure (which you might or might not think of as "stupid" beforehand) stands between you and you doing your job, would you break it? I suspect that my little unscientific survey answers it: "hell yeah!" :-)
Now, can you blame your users for doing the same? I dunno :-)