We're missing out on the value of security awareness

When a program is ineffective, the problem is usually that the training wasn't designed in a way that would result in changes in behavior

By Ira Winkler, Computerworld |  Security, insider

Security awareness gets no respect.

It can be extremely valuable, if properly implemented. Too often, when it falls short, that is seen as a mark against security awareness programs themselves, instead of a problem with the implementation. And implementation is often a problem, because security awareness is usually taught by untrained people.

Earlier this year, I read an article in CSO saying that security awareness would never eliminate social-engineered security threats and therefore was a waste of time. I disagree with this point of view and responded with an article of my own, in which I touted the many success stories of security awareness campaigns and noted that it is folly to believe that any security measure is ever going to be 100% effective.

To continue reading, register here.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness