Quick Hits

Companies Still Falling Short On Security Training, Study Says

Nearly half of security professionals say their company cultures are "unsupportive" of security

Despite the hoopla surrounding security breaches and vulnerabilities, many companies still have not developed comprehensive training programs or a corporate culture of security, according to a study that will be published later this month.

According to a news report, the (ISC)² security organization and InfoSec Europe 2009 have completed a survey of some 700 security professionals that will be presented at the InfoSec conference on April 30.

In the survey, nearly half (48 percent) of the respondents cite a lack of training and an "unsupportive company culture" around security. Forty-six percent of the respondents say employees in their companies have a "weak understanding" of security policy, according to the report.

Of those companies that tried to educate employees on security, 56 percent offer training or information online, and 35 percent use an employee newsletter, the report says. Only one-quarter of the organizations surveyed train staff in person.

Most businesses (63 percent) track whether their security policies are being followed, according to the report. Six in 10 take action against employees who break the policies.
