What awareness is supposed to be

In a recent article that highlights why security awareness programs frequently fail, the top reason cited was poor governance. In reviewing and implementing dozens of awareness programs, I have come to believe that the poor definition and implementation of security governance is the fundamental reason for security awareness program failures.

First consider what governance is. At a high level, governance is definition of how people should perform their daily functions. Notice that this doesn’t say anything specific about security. The assumption is that the definition of behaviors embed security.

To read this article in full or to leave a comment, please click here

Read more: What awareness is supposed to be

Story added 25. October 2016, content source with full text you can find at link above.