Why Computer Security Advice is More Confusing Than It Should be

hubie writes:

Why Computer Security Advice Is More Confusing Than It Should Be:

If you find the computer security guidelines you get at work confusing and not very useful, you're not alone. A new study highlights a key problem with how these guidelines are created, and outlines simple steps that would improve them - and probably make your computer safer.

At issue are the computer security guidelines that organizations like businesses and government agencies provide their employees. These guidelines are generally designed to help employees protect personal and employer data and minimize risks associated with threats such as malware and phishing scams.

[...] "The key takeaway here is that the people writing these guidelines try to give as much information as possible," Reaves says. "That's great, in theory. But the writers don't prioritize the advice that's most important. Or, more specifically, they don't deprioritize the points that are significantly less important. And because there is so much security advice to include, the guidelines can be overwhelming - and the most important points get lost in the shuffle."

The researchers found that one reason security guidelines can be so overwhelming is that guideline writers tend to incorporate every possible item from a wide variety of authoritative sources.

"In other words, the guideline writers are compiling security information, rather than curating security information for their readers," Reaves says.

Read more of this story at SoylentNews.