Are you the problem or the cure?
Carelessness and computer problems

An in-depth study of computer and network problems has identified carelessness of students and staff as one of the leading causes of those problems, not malicious behavior as most assume. As much as 40% of the incidents studied, such as hacker attacks, computer viruses, loss of confidential data, and other problems, could be attributed to carelessness. Another source of problems was inadequate training to help avoid problems, and lack of policies to deal effectively with incidents. Helping students develop judgment about computer issues and training staff is important to prevent and properly mitigate incidents.

The Final Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project, produced by Educause/Internet 2's Computer and Network Security Task Force made several recommendations to improving response and preventing incidents. UC and UCLA's current practices and planned development parallel these recommendations. They are:

• Having policies in place and enforcing them was important in preventing computer-related incidents on campuses.
• Providing training and education for IT personnel and establishing requirements for how they perform their jobsusing good procedures and practices was important to helping them prevent accidental behaviors.
• Providing training for users in areas such as security and data protection and providing more knowledge prior to use of systems was important in preventing incidents.
• Providing more resources, procedures and requirements relative to configuration of software and hardware, patching and debugging systems, engaging automated intrusion detection and prevention tools (IDS/IPS and firewalls) and automated compliance tools such as quarantine zones, were important in preventing incidents.