Most security risks are driven in practice by the lack of a well-defined and managed information security (IS) culture, with errors and breaches frequently caused by human error and a failure to follow procedure. Most analysts and information security officers agree that humans are the weakest links of any information security framework.
With adequate behavior change, you can turn your weakest link into your first line of defense. Easy to say… but in practice, it is quite a challenge!
How do we achieve it?
Many people think awareness and training are key elements. They are not far from the truth! In fact, awareness and training are only part of the solution. Let’s take a step back to understand the behavior change process and then apply it to our first line of defense!
4 Steps to Behavior Change
1. Awareness - Target Group knows WHAT is needed and WHEN it is needed
2. Understanding - Target Group knows WHY and HOW action is needed
3. Action - Target Group is ready to be involved in specific activities
4. Commitment - Target Group is responsibly committed to and supports the initiative
Following this model, once the target group reaches the ‘commitment level’, chances are that the weakest link will become the best line of defense.
Awareness is not training. Awareness is about reaching a mass audience with very attractive packaging that appeals to emotion, to deliver a short and strong message. Awareness allows the audience to recognize situations. It is the first step to a behavior change.
Training teaches what to do in situations. Training is about the acquisition of knowledge, skills, and competencies.
Awareness and training, when well combined, are powerful behavior change tools.
Wednesday, August 31, 2011
Friday, August 19, 2011
Train employees – your best defense – for security awareness
With so many security threats on the horizon, it may be comforting to know the strongest security asset is already inside the company: employees.
New security threats and identity theft schemes are being developed every day, and large corporations continually invest millions of dollars and thousands of man-hours to keep their information and identity safe and their network secure.
But investing time and money into securing the organization and its customers can be completely undermined if employees don’t understand their role in the security plan.
Even when an organization has state-of-the-art technology, strict security policies, and a highly skilled IT staff to manage policies, some organizations are not as secure as they could be. In fact, a recent survey showed that 40 percent of IT managers reported that their organization had experienced at least one security breach in the last year.