The Many Paths to Security Awareness
Promoting Security Awareness is an ongoing challenge in our field. Without a good understanding of Security Awareness and security issues, getting appreciation for those issues at the senior management level is a real problem. Security Awareness is critical in influencing business decisions to include (and hopefully fund) security components in every project, protecting the corporate assets from both theft and lawsuits.
However, Security Awareness does not mean the same thing to everyone in a company.
Senior Management, for instance, will be more concerned with legal and regulatory requirements, as well as the impacts of security on overall corporate performance.
Department managers will be more focused on budgets and funding, as well as directing their reporting groups towards policy compliance.
People who work on the actual deliverables of the company may be concerned about personal incentives or system uptime, or may be influenced by corporate policies.
Awareness for developers tends to concentrate on secure coding and peaceful co-existence with system administrators who are enforcing policies at a technical level in the Datacenter and desktops.
From a Security Awareness perspective the blanket term “end user” grows to encompass many audiences – not only folks with basic desks and phones, but developers, senior managers, salespeople, engineers, health-care professionals, all kinds of people with different concerns, different goals, and a different set of reasons/excuses for exceptions to one thing or another.
Sadly, even today almost everyone tends to view security concerns as impediments to their job rather than as actions and factors that assist and support them.
So how do we influence our coworkers or customers to factor Security Awareness into their daily decisions and actions?
The short answer is "it varies".
The best answer that I’ve seen is that we need a toolkit of methods, and for any particular audience we need to dip into that arsenal and pick the 2 or 3 or 5 methods that we think will work best to deliver our message successfully, get the audience to take that message to heart, and produce the desired positive change in behavior.
Over time, the goal of Security Awareness is to have your organization or client organization realize measurable movement towards the positive side of the spectrum, both in actual awareness of security concerns and in measurable security behaviors and metrics. As in most things, Security Awareness is all about the journey; there is no destination. You can always get better, but you never “arrive.”
I’m very interested in how people are delivering security messages to their organizations and customer organizations, raising awareness and influencing behaviors (in a positive way) in that process. If you have a moment, we’d really appreciate your input in the survey attached to this diary. It's set up as a matrix; feel free to indicate whichever methods you've seen used successfully in your situation. Multiple answers are OK and are encouraged (just please don't click them all). Feel free to post any text input either in the survey text fields or in the diary comments (at the bottom of this page).
We’ll collect data on this survey and report back in a follow-up diary in a couple of weeks.
(This survey requires JavaScript. If you are running NoScript or a similar tool, you will need to "permit" this site.)
(Depending on your browser, this survey will open in a new browser tab or a new browser window.)
=============== Rob VandenBrink Metafore ===============