Commentary
Security Training: Whose Responsibility Is It?
Who else other than the CIO? So why aren't CIOs doing more about it?
Mark Twain is reported to have famously remarked: "Everybody talks about the weather. But nobody does anything about it."
I was reminded of that quip when I read a news story posted by my colleague K.C. Jones about the increased awareness of security problems related to mobile computing devices and wireless networks, and the lack of effort to do anything about it. The story was related to the release of a survey sponsored by an industry organization called the Computer Technology Industry Association (CompTIA). The organization claimed to have interviewed 1,070 organizations about their security concerns.
Sixty percent of organizations surveyed recently said that security issues related to handheld devices have increased over the last 12 months... Still, only 32% of organizations have implemented any security awareness training for mobile and remote workers, according to CompTIA. Only 10% plan to implement security training in the next 12 months...
How could this be? Is it a question of resources, funding, executive support? Or is it a game of pass the buck? "That's an HR issue, not mine," huffs the hand-wringing, head-in-sand CIO.
Yet, the proof is there that security training can be effective, according to CompTIA. "Nearly 90 percent of organizations that have implemented awareness training for remote and mobile workers believe that the number of security breaches they've encountered has been reduced," said John Venator, president and CEO of CompTIA, in a statement. "Organizations that do not train their mobile workers in security fundamentals are doing themselves a great disservice," he said.
Security training in general doesn't seem to be a particular priority among CIOs. In the most recent InformationWeek Information Security Survey 2007, only 19% of the 1,101 business technology executives contacted in the U.S. cite "Educate business groups" as a key tactical security priority in the next 12 months. In answer to the question, "How often does your organization train employees on information security policies/procedures?" 47% of U.S. respondents answered "Ad hoc," and 5% said "Never." If my math is correct, that adds up to more than half of the U.S. survey respondents training their employees on computer security policies and procedures, uh, mostly when they feel like it.
What will it take to make computer security -- in particular, security related to mobile computing and wireless networks -- a priority? And for CIOs to take responsibility for it -- and do something about it?












