Secure The Core: Advice For Agencies Under Attack
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
9/4/2014 | 12:23:51 PM
Re: Buying into the Security Culture
You are correct - the weakest link is usually the user community, and is also the most difficult challenge to overcome. The key is to engineer their behavior through awareness training, and transform the organization's culture to include secure practices. Security awareness training is such a difficult task because there are so many different personalities involved. However, measurable training effectiveness can be achieved by delivering a message that becomes personal to the individual, so relating secure practices at work to their personal activities definitely helps. When you think about it, secure practices at work are really not much different from secure practices in one's personal life. When I deliver awareness training, I start with its implications on personal activities - online banking, shopping, social media, etc. That gets their attention all the time, and always results in lively discussion. Then I introduce corporate secure practices and demonstrate how those are not very different from the same ones I advocate they use in their personal activities. I think this method allows for better retention and effectiveness. Having said that, organizations should definitely have strong user controls in place, and should anticipate that users will attempt to circumvent them. When coupled with effective awareness training, the combination goes a long way towards the goal of transforming the organization's culture to include secure practices.
User Rank: Ninja
9/4/2014 | 9:17:50 AM
Buying into the Security Culture
While I absolutely agree that one of the critical areas of security comes down to ensuring that everyone who has access to corporate resources understands their role in security, sadly this is still going to be the weak point of most organizations' perimeter defence.  Let's face it, employees are tired of hearing about security and are looking for ways to get around basic security controls so that they have, what they feel, is a balance of convenience and access.  The sad fact is that unless strong user controls are in place to dictate how data can be used and stored, and even ensuring that all the devices used to access the data (laptop, mobile, tablet) have the right security controls is still a huge gap for many organizations.

Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of September 25, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.