A number of factors have come together to cause me to rethink our approach to security awareness and training. For years we have discussed the need for organizations to have a dedicated Security Awareness Officer. I'm beginning to think this is wrong. We don't need security awareness officers, what we need are more Security Communications … Continue reading What You Actually Need is a Security Communications Officer
Editor's Note: This is a guest blog post from John Haren, Information Security Governance Specialist at Diageo with special responsibility for the Information Management & Security Awareness program globally. Below John describes how he has put together a Champions Network (often called an Ambassador Program) for his organization. We are seeing this approach to awareness … Continue reading Creating a Security Champions Network
For years I've been struggling with how best to demonstrate the lack of investment in human controls versus technical controls. A big shout-out to James Lyne, who gave me this idea based on a presentation he did in London in November. In this graph you see over the past 15 years numerous steps Microsoft … Continue reading Windows vs Human Security - By The Years
I just finished reading John Kotter's amazing book Leading Change, a resource I absolutely recommend for anyone involved in the world of security awareness. John Kotter is one of the world's leading experts on culture change, with over 30 years' experience in this field, and a graduate of both Harvard and MIT. His book takes … Continue reading Book Review - John Kotter's "Leading Change"
One of the first steps in attempting to change culture is creating a sense of urgency. Without a strong sense of the need for change, especially at the senior level, it is difficult to change people's beliefs, attitudes and behaviors. The excellent book Leading Change by John Kotter does an outstanding job of explaining an … Continue reading American vs. European Reporting - Creating a Sense of Urgency