Last week we discussed how healthcare has been more successful in changing behaviors and measuring that change than we have in the security community. Not only has healthcare been working longer on changing behaviors (such as washing hands), but they also have more robust metrics for measuring that change. For security awareness programs, where can we start? I'll be … Continue reading First Key Metric for Any Security Awareness Program
Microsoft released their bi-annual Security Intelligence Report. This is a detailed analysis of the current state of malware and infection propagation methods on the Internet. Sources of data include Microsoft's Malicious Software Removal Tool (MSRT), which runs on and analyzes over 600 million computers every month. Their key finding? The human is the number one … Continue reading Microsoft Confirms Human is #1 Malware Propagation Method
When trying to communicate the value of security awareness programs to management or other security professionals, I find these three points a good starting point. First, keep in mind that ultimately security awareness is nothing more than another control. It reduces risk; it does not eliminate it. Anti-virus does not detect all malware, firewalls do … Continue reading Top Three Reasons Security Awareness Programs Are Effective
One of the best examples of awareness and education changing behaviors may not be found in our community (security) but in healthcare. As I posted yesterday, we have few examples of security awareness changing behaviors because, to be honest, so few organizations have tried (most security awareness programs focus on compliance). However, healthcare is different. … Continue reading Awareness and Education Changing Behavior - HAI Anyone?
I'm a passionate believer that security awareness can work, that you can change human behavior and improve the security of your organization. Some people in the security community disagree; they feel awareness cannot work. If you look at security awareness programs in the past, I would have to agree. These awareness programs failed to change … Continue reading Effective Security Awareness Programs - Think Different