Information Security Awareness — why isn’t it working?

It’s not a secret: public and private sector organisations know the current approach to Information Security Awareness isn’t working, because User Awareness jumped to 8th place, up from 31st, on the 2011 Defence Signals Directorate Top 35 Strategies to Mitigate Targeted Intrusions.

Fresh analysis by the Department of Change Pty Ltd in its new ‘360 Report, What’s wrong with your security culture?’ has identified that many organisations are not well prepared to reduce information security vulnerability. The report suggests this is often because communication strategies and engagement tactics are inadequately managed, people remain the greatest risk and creating a security culture is the greatest challenge.

The report includes disasters from 2011 where ‘someone’ was responsible, such as the finance officer at the Queensland Health Department who was arrested after an alleged fraud involving $16 million (three senior managers were stood down and Premier Anna Bligh announced that the entire agency would be dismantled), and a privacy breach that closed Telstra BigPond email for up to one million accounts after 60,000 passwords were inadvertently displayed on the Internet.

Department of Change Pty Ltd is a unique new business, and the first Australian company to customise security awareness services for clients by undertaking ‘forensic’ communication and training audits, and developing campaigns to educate employees, stakeholders and supply chains about their obligations.

“After completing 15 assignments at various levels of Government, I anticipated a real need in the marketplace to change the way Information Security Awareness is managed. Increasing awareness takes more than an Induction handout, one-hour self-paced online refresher module and an IT Policy buried somewhere on the company intranet,” says Davina O’Dell, Chief of Change and Director.

“The reliance on the company’s security department to solely manage this increasingly important aspect of business operations also has some serious shortcomings. There needs to be more collaboration and strategy integration across all business areas, particularly with Communication divisions,” she says. Davina is adamant that an effective information security awareness program will significantly mitigate the chances of your company being subject to unethical behaviours which are likely to result in damage to more than one reputation.


A full day interactive Seminar ‘Information Security Awareness - it’s not a secret.’ Department of Change Pty Ltd

When: Thursday 22 March 2012

Where: Canberra

Australia’s leading panel of experts (5) will uncover the myths and facts about how to build a security culture, what works and what doesn’t. An enlightening and frightening session will cover what happens after a security incident reaches the public domain and the impact on employee and stakeholder behaviour once uncontrolled social media networks realise someone at your organisation has dropped the ball.

Key Note: Mr Trevor Smallwood, Assistant Secretary Cyber Security and ICT Skills Branch at the Australian Government Information Management Office (AGIMO), Department of Finance and Deregulation.

Download seminar brochure: www.departmentofchange.com/seminars.htm

Email: seminar@departmentofchange.com

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.