Welcome to the SecAware blog

I spy with my beady eye ...

1 Oct 2017

NBlog October 1 - security culture module

Well, despite Finagle's Lawwe've limped home over the finishing line.  Another tidy stack of NoticeBored security awareness content is packaged up and will shortly be ready for our subscribers to download, customize and deploy.

'Security culture' is the 63rd awareness topic we've covered, among the most challenging module to develop and yet also the most rewarding: it's clear, in retrospect, what an important topic this is for any organization that takes information security seriously enough to run an awareness program. In short, there is no better mechanism than an effective security awareness program with which to foster a security culture. How on Earth have we ducked the issue for so long?  

Perhaps it's a maturity thing. Perhaps it's cultural: we are forging new paths, heading way off the track well-beaten by more conventional security awareness programs. 

Just in case you missed it,
there's so much more to
security awareness than phishing!

I pity organizations that rely solely on their security and privacy policies. 'Laying down the law' is undoubtedly an important part of the process, necessary but not sufficient. If it were, speed limit signs coupled with the threat of prosecution would have long since curbed driving incidents: we'd be left dealing with genuine accidents, mechanical failures and so forth, but excess speed would hardly ever be an issue. Patently, it is not ... and that's despite the parallel investment in awareness, training and education. 

It doesn't take much to imagine the carnage on our roads if 'laying down the law' was all that happened.

Turns out it's not too hard to elaborate on the business benefits of a corporate security culture. There are genuine business reasons for managers, in particular, to take this seriously, something that Enron, Sony and Equifax management and stakeholders might appreciate more than most.

We'll complete the delivery and update the website tomorrow, once the final stages of the computer rebuild are completed. It has been a long weekend!

No comments:

Post a Comment