Re: Senior management super powers widely misunderstood
Senior staff frequently in my experience have a clued up secretary (aka admin assistant) to do that for them (and print out the emails they need to read). Nothing to do with innate sense, other than that to understand where an activity is above (below?) their pay grade.
Not always. We (who shall remain unnamed) survived at the time the "I love you" virus entirely unscathed because we had lots of tech developers around who wouldn't touch uncleared attachments, and we were using Lotus Notes where sheer usability challenges (that's an understatement) pretty much stopped people opening files.
However, 2 weeks later we suddenly had one alert come up - a machine had been quarantined after this virus had been detected. Turned out to be the CFO secretary who had just returned from holiday and opened the email regardless (she was working backwards in time, and thus missed the warning email). We didn't make much fuss over it, because it should not have gotten to her inbox in the first place - clearly we had not been fast enough with the filters.
Personally, I find blaming people for IT and security failures not only weak, but pointless. Your job is not to whinge at people, it is taking into account that we're all human (don't tell me you've never made a mistake) and MANAGE that risk. Sorry if that goes against established behaviour, but I cannot blame a secretary for not being an IT security expert. Training and gently making them think may help, but I find it frankly arrogant to label them as a problem. They work there, they form an established risk, factor it in and deal with it.
In my opinion, it's not users or management that is the biggest risk - it's attitude. Try seeing the world from their side, and the quality and perception of the IT and security you offer will rise spectacularly.
IMHO, of course :)