Information Security News mailing list archives

The CEO Cybersecurity Challenge


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 26 Jun 2019 07:53:20 +0000 (UTC)

https://www.davidfroud.com/the-ceo-cybersecurity-challenge/

By David Froud
Froud on Security
June 24, 2019

It is with thanks to Chad Loder that I write this blog. His post on LinkedIn made me laugh out loud and is what inspired me to propose the CEO Cybersecurity Challenge (#ceocybersecuritychallenge). The very simple post was:

  From: Security Team
  To: All Employees
  Subject: Security Awareness Training

  To opt out of this year’s security training, click here.

Security experts will instantly see the simple genius of this social engineering tactic. In just 10 words you get:

1. Proof that the CEO doesn’t care [enough] about security – The CEO is
   ultimately responsible and accountable for the culture of an
   organisation. If the security culture is piss-poor, it’s their fault
   and no one else’s;

2. An understanding of which employees [likely] care little for security –
   if they go out of their way to AVOID taking security training, that’s
   bad;

[...]

