It all boils down to awareness, which is built through patient and relentless education and marketing—yes, marketing—about the importance of security as both the guardian and enabler of core business value. An aggressive, well-designed and -executed security awareness program can help to transform the business culture, increase overall security program effectiveness and present the "brand" of the security function in a more positive, business-focused light. It can also help the security executive "sell up" to senior management and achieve the elusive goal of tight integration between business strategy and security practice.
Existing awareness programs target, in varying degrees, multiple constituencies—from boards of directors to senior executives to rank-and-file employees and even, sometimes, outward to trading partners and customers. Boards of directors (50 mentions) were in nearly a dead heat with vendors (49 mentions) for getting the least awareness attention. Not surprisingly, employees (148 mentions) got the most. Senior management (123), business unit management (114) and CEOs (84) also got plenty of focus.
31 May 2007
CSO Mag offers advice for those planning security awareness programs, based on responses to an earlier survey.