Information security is everyone’s responsibility, including the travelling sales representative, the mail room manager, the customer service associate and the CEO. For a security awareness program to be truly effective, everyone in the organization must do their part to promote security. Senior management and boards of directors must ensure the organization’s culture puts a priority on security.

Also published as part of an article in CSO Magazine Australia, by Sue Bushell (10 of the Best for Security, 8 March 2006)

Ernst & Young’s Global Information Security Survey cited “lack of security awareness by users” as the top obstacle to effective information security.

There are several critical success factors to attaining a security-aware culture, including:

  • A formal security awareness policy that defines the appropriate safeguards and security procedures must exist.
  • Executive management support for the security awareness program is crucial.
  • “Security-positive” behaviour must be one of the criteria upon which employees are evaluated.
  • Security awareness activities must be part of a continuous process – not a one-time effort.
  • The target audience of the security awareness program must include visitors, consultants, external staff, business partners and others who interact with the organization.
  • The effectiveness of the program must be measured.

Security awareness initiatives are part of an overall information security management program. Crucial to this is a formal security awareness policy that translates the security strategy and defines the appropriate level of security and safeguards through a security policy document, security standards and security procedures. Equally crucial is a well-structured information security organization with sufficient authority.

See also my book – Security Awareness: Best Practices to Serve Your Enterprise – available in the ISACA bookstore.
