How To
Security Awareness Programs: Now Hear This!
Awareness programs are the cheapest way to prevent costly problems, but the security message can be easy to ignore. CSOs and CISOs share their strategies for spreading the good word.
By Lew McCreary
In getting the word out about security priorities, Delaney relies on departmental luncheons, webcasts, podcasts and low-cost campuswide publicity (pitching security-related stories to The Exponent, Purdue's daily student newspaper, and Inside Purdue, a publication for faculty and staff). In October she held a staffwide Security Awareness Month, featuring daylong presentations on the most urgent data security issues: encryption, data security on the road and working from home, information classification and the operational requirements of the new state regulations.
One challenge is communicating with her various audiences in terms that will resonate with each. "You have different levels of expertise you have to talk to," she says. And not only expertise but frames of reference. "I mean, not as many staff people are going to be on Facebook.com [a social networking site popular with collegians] as students. So you've got different issues, depending on the demographics of the people you're trying to reach," she says.
Faculty members represent perhaps the toughest nut to crack. They enjoy plenty of authority and autonomy. For that reason they are a little like lawyers or physicians—two famously tough groups to domesticate to habits of right behavior that may seem in conflict with their sense of mission. That reality makes it clear why Delaney might want to get her game face on by tuning up with the friendly staff.?
Lew McCreary, CSO's former editor in chief, is a member of the Content Expert Faculty of the CSO Executive Council.
Other stories by Lew McCreary
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
