Secure The Core: Advice For Agencies Under Attack - InformationWeek
Secure The Core: Advice For Agencies Under Attack
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
9/4/2014 | 12:23:51 PM
Re: Buying into the Security Culture
You are correct - the weakest link is usually the user community, and is also the most difficult challenge to overcome. The key is to engineer their behavior through awareness training, and transform the organization's culture to include secure practices. Security awareness training is such a difficult task because there are so many different personalities involved. However, measurable training effectiveness can be achieved by delivering a message that becomes personal to the individual, so relating secure practices at work to their personal activities definitely helps. When you think about it, secure practices at work are really not much different from secure practices in one's personal life. When I deliver awareness training, I start with its implications on personal activities - online banking, shopping, social media, etc. That gets their attention all the time, and always results in lively discussion. Then I introduce corporate secure practices and demonstrate how those are not very different from the same ones I advocate they use in their personal activities. I think this method allows for better retention and effectiveness. Having said that, organizations should definitely have strong user controls in place, and should anticipate that users will attempt to circumvent them. When coupled with effective awareness training, the combination goes a long way towards the goal of transforming the organization's culture to include secure practices.
User Rank: Ninja
9/4/2014 | 9:17:50 AM
Buying into the Security Culture
While I absolutely agree that one of the critical areas of security comes down to ensuring that everyone who has access to corporate resources understands their role in security, sadly this is still going to be the weak point of most organizations' perimeter defence.  Let's face it, employees are tired of hearing about security and are looking for ways to get around basic security controls so that they have, what they feel, is a balance of convenience and access.  The sad fact is that unless strong user controls are in place to dictate how data can be used and stored, and even ensuring that all the devices used to access the data (laptop, mobile, tablet) have the right security controls is still a huge gap for many organizations.

How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll