Welcome to the SecAware blog

I spy with my beady eye ...

29 Mar 2015

Another new security awareness topic: best practice

We have just delivered April's NoticeBored security awareness module covering best practices in information risk and security to subscribers - nearly 100Mb of crisp, fresh awareness content.

Numerous learned committees, panels, industry groups and other bodies of experts recommend best practices relevant to information risk and security, covering a wide variety of methods, controls and approaches.  What can we learn from their advice?  The latest NoticeBored module discusses a selection of best practices in information, helping our customers’ awareness audiences contemplate their purpose and value.  We even lay out for them a systematic, cyclic process for discovering, evaluating and adopting best practices.

Strictly speaking, the ‘best’ in ‘best practice’ is misleading unless the guidance is truly universal and cannot possibly be improved upon.  In reality, each organization differs in its situation or context and needs, so the practices that happen to be best for one might not suit another – in fact the guidance could turn out to be rotten for some.  Organizations intending to adopt best practice therefore need to evaluate the guidance to determine, first of all, whether it is even applicable to them, and secondly whether it is likely to be beneficial.

Best practice is also about systematic improvement.  It describes a state of excellence, a laudable objective or goal that inspires, motivates and encourages us to aspire to be ‘the best’ – or at the very least to avoid practices that are generally considered bad! 

Good on yer if your security awareness program covers best practices.  If not, and if it sounds like something that would catch your employees' imaginations, do get in touch.  We offer top quality, creative security awareness content on more than 50 topics, and we're already busy researching others.


No comments:

Post a Comment