For decades, organizations have spent millions attempting to educate employees on security awareness. The results have been marginal, at best, according to the Information Security Forum (ISF) a nonprofit association that researches and analyzes security and risk management issues.
"A really small percentage of organizations are able to say they've reached a heightened level of security awareness or positive behaviors that they're really striving for," says Steve Durbin, global vice president of ISF. "If what we're currently doing from an awareness standpoint isn't working, what do we need to do to be more effective in this space?"
The answer, he says, is to embed positive security behaviors into your business processes. Here are 10 principles that can help.