Security Awareness Challenges
I would love to hear from you about your challenges. Here is a list of the ones that I have found in my dealings with our clients:
1. Having the organization provide end-user security awareness training with the proper priority status. Most often management does not see end-user security awareness as a priority and therefore is not behind putting in the effort to roll out a full program that will have impact.
2. Developing a clear and consistent message about the importance of information security to both the organization and the individual.
3. Obtaining or developing materials that contain a clear message about security topics that are both interesting and motivating. Many organizations see this as a huge obstacle and rarely look for existing materials available online or through a security awareness company. Instead, they feel the need to develop these materials internally, which rapidly becomes an overwhelming project.
4. Getting the users to take a personal interest in information security and actually motivating them to take the training. Motivating users to take a personal interest in information security is extremely difficult. In most cases they feel the training is a waste of time and is being pushed on them by either the technology department or management. They do not take any personal interest in the training because the organization failed to communicate effectively that the benefits of this training would also protect them at home.
5. Having individual users retain the training and have it result in the development and maintenance of safer computer usage habits. Many of our clients report that end users take the training, but random testing a few months afterwards shows them reverting to old habits. Repeating the training and using new and fresh communication tools are key to addressing this challenge. Often, however, this is not done.
