Moving from Consciousness to Culture: Creating an Environment of Security Awareness

Although the aftermath of September 11th has brought to the forefront the realization that security threats are real, most companies are still far from creating a culture of security awareness within their organizations. This is particularly true with information security even though recent surveys have shown that corporations are worried about the financial impact of threats and attacks against their computer systems. Unfortunately, many of these same organizations are still focusing primarily on technical solutions such as firewalls, anti-virus software, patches, biometric devices and the like, to protect themselves against these threats. They have failed to take an overall holistic approach to security by combining technology with awareness. Most have recognized the importance of having clear and enforceable policies, but have stopped short of developing a comprehensive, ongoing awareness program. Security professionals and administrators are often left with the undefined task of making sure that procedures and processes are in place to ensure these policies are carried out. There are many considerations to weigh and steps that can be taken to improve security awareness in your own organization. The ultimate goal is to inspire change to create a culture of security awareness.