In a previous Wisegate report titled "Preparing for the Top IT Security Threats of 2013," Wisegate CISO members shared their viewpoints on the top anticipated threats for 2013 and how to prepare for them. The general consensus among members was that specific threats, like the latest virus or DDoS attacks against household-name banks, are not the most urgent security concerns to address. Boiled down, it's 'the user' that represents the most commonly exploited security vulnerability, and one that will require heightened attention from CISOs in 2013.
"What emerged from the panel of security experts was an agreement that there is no one-size-fits-all answer to awareness training," said Tom Newton, CISO of Carillion Clinic. "CISOs need imagination and perseverance to get their message across, and often innovative methods of training from third-party vendors can be quite helpful. We must instill in each employee that they are ultimately responsible for information security."
Wisegate's most recent research reveals:
Simple data classification labels are the most effective with end users. Something simple like "protected" and "unprotected" is a great place to start.
CISOs need to make themselves more accessible. It encourages employees to openly share issues, and helps CISOs find out how effective their programs are.
The most effective programs use a variety of ways to get the message out, accommodating different learning styles.
CISOs need to be creative and tap into their in-house experts in Marketing & Training to help the program be successful.
The introduction of intermediary 'security leads' or security champions within and from the different departments can help to bridge that credibility gap between security and user.
Security executives are not alone. Even veteran CISOs are still figuring this out, and need to leverage help from others inside and outside their organization to be successful.
Wisegate's report shares specific details of how leading CISOs are planning to tackle these challenges and what strategies they will deploy. It also includes targeted polls from the broader Wisegate community of security experts that demonstrate levels of consensus around key issues.
"The latest Wisegate report demonstrates the importance of, and difficulty in, addressing security awareness issues and how the average computer user has become an open door for cyber criminals to attack every corporation," said Sara Gates, Founder and CEO of Wisegate. "Wisegate is focused on providing peer-expert information that will help CISOs form the right strategies needed to address user vulnerabilities. Wisegate provides the perfect forum for uniting senior information security practitioners to tackle the key issues that will help keep companies one step ahead."
To request a copy of Wisegate's report titled "CISOs Share Innovative & Practical Ways to Improve Security Awareness," please visit http://www.wisegateit.com/resources/downloads-security-awareness-report.
Wisegate (wisegateit.com) is an IT expert community and information service for senior IT professionals, providing high quality research and intelligence from the best source available – the collective knowledge of IT leaders from across the industry. With online Q&A, detailed product reviews, live roundtables, and published peer-based research, Wisegate offers a practical and unbiased information source built on the real-world experience of veteran IT professionals.