Security Awareness Training and Communication

Security Awareness is the tool most used to inform and educate users on policy and accepted practices and procedures that support the university. It is often the most important and, in many ways, the least expensive way to impact the overall security of an organization. An organization's staff is the most cost-effective countermeasure against security compromises and IT security depends on the cooperation of every user.

Security awareness is also the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization. Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within the organization's computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the organization's (non-public personal information [NPPI]).

The Current Business Climate and Security Awareness

The protection and security of PII and corporate information needs to minimally be maintained in the current business climate. In fact I believe we must be even more vigilant to insure information security does not fall through the cracks. At times like these it is vitally important we maintain information security awareness, training and education programs.

These are tumultuous times, characterized by shot-gun mergers, acquisitions, and corporate restructurings resulting in mass lay-offs. This corporate churn forces companies to change employee access to sensitive corporate data on very short notice, grant access privileges to new employees, adjust access privileges for re-assigned employees, and terminate access for former employees and contractors.

Organizations that are "identity aware" can successfully - and proactively - manage the IT risk associated with changing user access to applications and systems.