Article

Meta: Improve awareness of security issues

Edward Hurley, SearchSecurity.com News Writer

It's almost a cliche that end-user awareness of security issues is critical to keeping a company secure. But recent research from the Meta Group confirms it and offers suggestions for improving the situation.

The Stamford, Conn.-based research firm found that more than 75% of companies see the lack of user

    Requires Free Membership to View

security awareness as detracting from their security programs. About two-thirds of companies see the lack of awareness among executives as having a similar impact.

Teaching users about security is not an easy task. Security professionals tend to be more comfortable fiddling with firewalls or installing intrusion-detection systems than educating end users about safe computing practices. Moreover, management doesn't usually expect security professionals to be skilled communicators.

"Most organizations will fail to successfully secure their technology environment simply because the security staff lacks the communication skills to create this shift in corporate culture," said Meta in a statement.

While the awareness problem is nothing new, answers aren't obvious. Some organizations go so far as to make awareness programs a requirement, but few of these programs are funded, according to Meta.

A good way of measuring security staffs' communication skills is to look at how well users understand corporate security policy and safe computing practices.

Helping security pros develop those skills requires a supportive corporate culture and years of investment. For example, communication skills should be considered during the hiring and annual review processes, much as technical skills are.

Obviously, having employees with solid technical skills is important, but "the importance of communicating security policy to end users is critical to obtain their cooperation in security initiatives and therefore should not be given short shrift," Meta said. "As security teams focus on policy and audit/compliance, the success of those security initiatives depends on obtaining cooperation from end users, executive management, and IT and business managers."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: