Information Security Forum: Embedding Positive Information Security Behaviors in Employees Is Key

Latest Research Finds That Making Employees Aware of Their Information Security Responsibilities and How They Should Respond is No Longer Enough
By: Information Security Forum

According to the ISF, organizations have spent millions over recent decades on information security awareness activities. The rationale behind this approach was to take their biggest asset – people – and change their behaviors, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do.

From Promoting Awareness to Embedding Behaviors proposes that making people aware of their information security responsibilities and how they should respond is no longer enough. Instead, the answer is to embed positive information security behaviors, which will result in ‘stop and think’ becoming a habit and part of an organization’

“While many organizations have compliance activities which fall under the general heading of ‘security awareness’, the real commercial driver should be risk, and how new behaviors can reduce that risk,” said Steve Durbin, Global Vice President, ISF. “The time is right and the opportunity to shift away from awareness to tangible behaviors has never been greater. The C-suite has become more cyber-savvy, and regulators and stakeholders continually push for stronger governance, particularly in the area of risk management. Moving to behavior change will provide the CISO with the ammunition needed to provide positive answers to questions that are likely to be posed by the CEO and other members of the senior management team.”

From Promoting Awareness to Embedding Behaviors helps organizations understand what ISF Members are doing about security awareness and behavioral change. This includes presenting what ‘good practice’ looks like, and proposing new and creative ideas that will improve or augment what leading ISF Member organizations already have in place.
The research identified four requirements for future success:

· Develop a risk-driven program
· Target behavior change
· Set realistic expectations
· Engage people on a personal level

“Today’s leaders often demand return on investment forecasts for the projects that they have to choose between, and awareness and training are no exception. Evaluating and demonstrating their value is becoming a business imperative,”

From Promoting Awareness to Embedding Behaviors is available now for purchase from the ISF Store on the ISF’s website www.securityforum.org. For more information, please contact Steve Durbin at steve.durbin@

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org

End