The effectiveness of an information security awareness program ultimately depends upon the behavior of people. Behavior, in turn, depends on what people know, how they feel, and what their instincts tell them to do. While a security awareness training program can impart information scurity knowledge it rarely has significant impact on people's feelings about their responsibility for securing information, or their deeper security instincts. The result is often a gap between the dictates of information security policy and the behaviors of the people. It is the role of culture to close this gap.
It is the CISO's responsibility to provide the organizational leadership required to change how the organization perceives, thinks and feels in relation to information security problems, to embed the information security subculture into the dominant culture of the organization. Meeting this responsibility requires the CISO to evolve an information security learning organization to modify its behavior to reflect new information security knowledge and insights.
A HAPPY AND HEALTHY NEW YEAR TO ALL !!!!!!!!!!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment