Notable Quote"In all of computer security, people are the problem." |
Why Security Awareness?The best physical security and logical security are undone if an employee makes a security blunder. You need people security to fight basic security errors made by new, complicit, or uninformed employees. Security awareness training builds people security. From NIST Special Publication 800-16: Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. Both NIST and IEC recommend awareness training for all employees. However, NIST recommends periodic awareness training while IEC 27002 recommends: An adequate level of awareness, education, and training in security procedures and the correct use of information processing facilities should be provided to all employees, contractors and third party users to minimize possible security risks. Why is IT Security Awareness important?IT Security Awareness is important:
Is eLearning effective for IT Security Awareness?Instructor-led Security Awareness is the most effective educational medium, but it is time intensive, costly, and inconvenient for employee schedules, meetings, workloads, vacation, sick leave, and personal time off. Online delivery of Security Awareness provides a cost-effective, convenient means of delivery for new employees and works conveniently into and around existing employee schedules. What other benefits does eLearning provide?
CSI 2007 SurveyIn a survey taken by the Computer Security Institute in 2007, 486 respondents were asked to rate the importance of several security awareness topics to their organizations. For more information on how companies view security awareness and other security metrics, download the full report at http://www.gocsi.com. |