Information Security Awareness — why isn’t it working?
20 February, 2012 09:08
It’s not a secret: public and private sector organisations know the current approach to Information Security Awareness isn’t working, because User Awareness jumped to 8th place, up from 31st, on the 2011 Defence Signals Directorate Top 35 Strategies to Mitigate Targeted Intrusions.
Fresh analysis by the Department of Change Pty Ltd in its new ‘360 Report, What’s wrong with your security culture?’, has identified that many organisations are not well prepared to reduce information security vulnerability. The report suggests this is often because communication strategies and engagement tactics are inadequately managed, people remain the greatest risk and creating a security culture is the greatest challenge.
The report includes disasters from 2011 where ‘someone’ was responsible, such as the finance officer at the Queensland Health Department who was arrested after an alleged fraud involving $16 million, with three senior managers stood down and Premier Anna Bligh announcing that the entire agency would be dismantled; and a privacy breach that closed Telstra BigPond email for up to one million accounts after 60,000 passwords were inadvertently displayed on the Internet.
Department of Change Pty Ltd is a unique new business, and the first Australian company to customise security awareness services for clients by undertaking ‘forensic’ communication and training audits, and developing campaigns to educate employees, stakeholders and supply chains about their obligations.
“After completing 15 assignments at various levels of Government, I anticipated a real need in the marketplace to change the way Information Security Awareness is managed. Increasing awareness takes more than an Induction handout, one hour self-paced online refresher module and an IT Policy buried somewhere on the company intranet” says Davina O’Dell, Chief of Change and Director.
“The reliance on the company’s security department to solely manage this increasingly important aspect of business operations also has some serious shortcomings. There needs to be more collaboration and strategy integration across all business areas, particularly with Communication divisions” she says. Davina is adamant that an effective information security awareness program will significantly mitigate the chances of your company being subject to unethical behaviours which are likely to result in damage to more than one reputation.
A full-day interactive seminar, ‘Information Security Awareness - it’s not a secret.’ Department of Change Pty Ltd
When: Thursday 22 March 2012 Where: Canberra
Australia’s leading panel of experts (5) will uncover the myths and facts about how to build a security culture, what works and what doesn’t. An enlightening and frightening session will cover what happens after a security incident reaches the public domain and the impact on employee and stakeholder behaviour once uncontrolled social media networks realise someone at your organisation has dropped the ball.
Key Note: Mr Trevor Smallwood, Assistant Secretary Cyber Security and ICT Skills Branch at the Australian Government Information Management Office (AGIMO), Department of Finance and Deregulation.