One of the biggest take-aways (and surprises) for me from the 2015 Security Awareness Report is the lack of soft skills in our field. Over 75% of those leading or supporting a security awareness program had very technical backgrounds, to include IT admins, security analysts and even webmasters (page 8). In addition, we found most security awareness programs falling under the IT chain of command. Once you read the report it really makes sense. If an organization is concerned about the security of their employees, where do they go? The security team. And who makes up most security teams? Highly skilled and highly technical wizards that live and breathe bits and bytes.However, awareness is ultimatelyabout changing human behavior, and to do that effectively it comes down to communication. If people do not know what they are supposed to do or why, they will neither be …
Related Posts
"Ready or notu0085 here comes NERC CIP Version 5"
Editor's Note:Ted Gutierrezis the ICS & NERC CIP Product Manager at the SANS Institute.Below he…
"The Security Awareness Planning Kit – Updated"
Folks, we have lots of new and exciting updates for the Security Awareness Planning Kitwhich…
"Awareness Summit Talk – Cheryl Conley on Phishing at Lockheed Martin"
Editor's Note: Over the coming weeks we will post recaps of speakers' talks from the…
