Educause Security Discussion mailing list archives
Security Awareness Feedback
From: Melissa Guenther <mguenther () COX NET>
Date: Tue, 27 Apr 2004 09:50:20 -0700
I have been assigned a project to help determine the status of Security Awareness interventions. In such, I am polling both individuals and groups on the question below. I am asking that you provide formal and informal information that answers the question. Ideally, you will scrub all identifying information before sending - as a precaution, I will recheck to make sure names and other information is removed. I will be happy to send anyone interested the final report. Question - Why is security awareness typically such a failure? It is mentioned in 3 places in the 7799 spec. It is usually considered only slightly less important than policy. Yet, it seems to be uniformly poorly implemented. Note -For purpose of this study: There is no such thing as "Security Awareness Training." The purpose of awareness efforts is to focus attention on security and possible adverse impacts from a security failure. Heightened awareness allows individuals to recognize security concerns and respond accordingly. During awareness activities the learner is a passive information recipient, while the learner in a training environment takes on a more active role. Awareness aims to reach broad audiences with attractive packaging techniques. Training is designed to build knowledge and skills to facilitate job performance. Learning achieved through awareness is short-term, immediate, and specific. Training involves higher-level concepts and skills. For example, if a learning objective is "to increase use of effective password protection among employees," an awareness activity might involve using reminder stickers on computer keyboards. A training activity might involve computer-based instruction in the use of passwords, especially how to change passwords for organization system. Thank you for your consideration. Melissa Guenther Increasing Awareness to Improve Security 480-786-6034 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Security Awareness Feedback Melissa Guenther (Apr 27)
- <Possible follow-ups>
- Re: Security Awareness Feedback Gary Flynn (Apr 27)
- Re: Security Awareness Feedback Melissa Guenther (Apr 27)