Information Security Awareness — why isn’t it working?

It’s not a secret: public and private sector organisations know the current approach to Information Security Awareness isn’t working, because User Awareness jumped to 8th place, up from 31st, on the 2011 Defence Signals Directorate Top 35 Strategies to Mitigate Targeted Intrusions.

Fresh analysis by the Department of Change Pty Ltd in its new ‘360 Report, What’s wrong with your security culture?’, has identified that many organisations are not well prepared to reduce information security vulnerability. The report suggests this is often because communication strategies and engagement tactics are inadequately managed, people remain the greatest risk, and creating a security culture is the greatest challenge.

The report includes disasters from 2011 where ‘someone’ was responsible, such as the finance officer at the Queensland Health Department who was arrested after an alleged fraud involving $16 million (three senior managers were stood down and Premier Anna Bligh announced that the entire agency would be dismantled), and a privacy breach that closed Telstra BigPond email for up to one million accounts after 60,000 passwords were inadvertently displayed on the Internet.

Department of Change Pty Ltd is a unique new business, and the first Australian company to customise security awareness services for clients by undertaking ‘forensic’ communication and training audits, and developing campaigns to educate employees, stakeholders and supply chains about their obligations.

“After completing 15 assignments at various levels of Government, I anticipated a real need in the marketplace to change the way Information Security Awareness is managed. Increasing awareness takes more than an Induction handout, one hour self-paced online refresher module and an IT Policy buried somewhere on the company intranet,” says Davina O’Dell, Chief of Change and Director.

“The reliance on the company’s security department to solely manage this increasingly important aspect of business operations also has some serious shortcomings. There needs to be more collaboration and strategy integration across all business areas, particularly with Communication divisions,” she says. Davina is adamant that an effective information security awareness program will significantly mitigate the chances of your company being subject to unethical behaviours which are likely to result in damage to more than one reputation.

A full-day interactive Seminar ‘Information Security Awareness - it’s not a secret.’ Department of Change Pty Ltd

When: Thursday 22 March 2012

Where: Canberra

Australia’s leading panel of experts (5) will uncover the myths and facts about how to build a security culture, what works and what doesn’t. An enlightening and frightening session will cover what happens after a security incident reaches the public domain and the impact on employee and stakeholder behaviour once uncontrolled social media networks realise someone at your organisation has dropped the ball.

Key Note: Mr Trevor Smallwood, Assistant Secretary Cyber Security and ICT Skills Branch at the Australian Government Information Management Office (AGIMO), Department of Finance and Deregulation.


