Security Training 101

Installing the latest security hardware and software means nothing if end users don't practice cyber safety. And the best way to get end users to 'think security' is to create an ongoing culture of security at your company.

By Lynn Haber
Mon, April 27, 2009

Network World — Installing the latest security hardware and software means nothing if end users don't practice cyber safety. And the best way to get end users to 'think security' is to create an ongoing culture of security at your company.

Podcast: Selling security without using scare tacticsRead how New York is handling phishing.

"Security awareness isn't one of those things that organizations do for fun. It's 24/7 and accountability starts with the CEO and is pushed to all corners of the organization," says Larry Ponemon, founder of the Ponemon Institute, a privacy and data protection research firm in Traverse City, Mich.

The stakes are high and getting higher all the time. In January, the Identity Theft Resource Center (ITRC) reported that the number of data breaches in 2008 increased 47% compared to 2007. The organization also reported that 35.2% of breaches were due to human error. (Watch a slideshow of the 10 worst moments in network security history.) 

And Ponemon recently released a study showing that the average cost of a data breach grew to $202 per record compromised in 2008, up from $197 per record in 2007. And the average security event cost individual companies $6.6 million per breach in 2008, up from $6.43 million in 2007 and $4.7 million in 2006.

Worse, security breaches result in a loss of consumer confidence, which translates into customers taking their business elsewhere. (Listen to a podcast of five ways to employees can sabotage your network.)

So, what are the keys to a successful security awareness program? Creating a culture of security starts at the top, includes individuals from all departments and groups, is based on pre-determined policy and subsequent controls, is consistently revisited and updated, and is practiced daily.

Security is Job One

Computer security is a fast moving target. Today there are more threats, more vulnerabilities, more portable storage devices, and there's increased mobility. There's also less of a wall between one's personal life and work life. The things to protect and protect against are changing.

That means educating end users about security is more difficult, demanding and necessary than ever before.

"Today, users are more aware of existing threats, but threats are more sophisticated and they migrate faster," says Max Reissmueller, senior manager of IT infrastructure and operations at Pioneer Electronics in Long Beach, Calif.

Reissmueller is responsible for end user security awareness for roughly 1,600 employees at about 15 locations in North America. Pioneer Electronics has a formal security review board that updates policy annually and disseminates changes to end users.

Continue Reading

As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make to help achieve project success.
Learn how Gartner's criteria for next generation IPS helps organizations achieve effective threat prevention despite changes in network communications, new applications, and changes in the threat landscape.
3 minute Flash video - overview of the need for and value of Configuration Control.
Cloud deployments are playing a critical role in propelling innovation for many companies. At the same time security has become the #1 one of the top concerns for IT and business leaders as they migrate into the cloud. In this webinar, learn from Accenture discusses how to recast the cloud as a "fresh chance to rethink your approach to security."
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.
Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all Newsletters | Privacy Policy
Resource Center