Security Training 101

Installing the latest security hardware and software means nothing if end users don't practice cyber safety. And the best way to get end users to 'think security' is to create an ongoing culture of security at your company.

By Lynn Haber

Mon, April 27, 2009Network World Installing the latest security hardware and software means nothing if end users don't practice cyber safety. And the best way to get end users to 'think security' is to create an ongoing culture of security at your company.

Podcast: Selling security without using scare tacticsRead how New York is handling phishing.

"Security awareness isn't one of those things that organizations do for fun. It's 24/7 and accountability starts with the CEO and is pushed to all corners of the organization," says Larry Ponemon, founder of the Ponemon Institute, a privacy and data protection research firm in Traverse City, Mich.

The stakes are high and getting higher all the time. In January, the Identity Theft Resource Center (ITRC) reported that the number of data breaches in 2008 increased 47% compared to 2007. The organization also reported that 35.2% of breaches were due to human error. (Watch a slideshow of the 10 worst moments in network security history.) 

And Ponemon recently released a study showing that the average cost of a data breach grew to $202 per record compromised in 2008, up from $197 per record in 2007. And the average security event cost individual companies $6.6 million per breach in 2008, up from $6.43 million in 2007 and $4.7 million in 2006.

Worse, security breaches result in a loss of consumer confidence, which translates into customers taking their business elsewhere. (Listen to a podcast of five ways to employees can sabotage your network.)

So, what are the keys to a successful security awareness program? Creating a culture of security starts at the top, includes individuals from all departments and groups, is based on pre-determined policy and subsequent controls, is consistently revisited and updated, and is practiced daily.

Security is Job One

Computer security is a fast moving target. Today there are more threats, more vulnerabilities, more portable storage devices, and there's increased mobility. There's also less of a wall between one's personal life and work life. The things to protect and protect against are changing.

That means educating end users about security is more difficult, demanding and necessary than ever before.

"Today, users are more aware of existing threats, but threats are more sophisticated and they migrate faster," says Max Reissmueller, senior manager of IT infrastructure and operations at Pioneer Electronics in Long Beach, Calif.

Reissmueller is responsible for end user security awareness for roughly 1,600 employees at about 15 locations in North America. Pioneer Electronics has a formal security review board that updates policy annually and disseminates changes to end users.

Security
Loading...
Security MarketSpace
Practical Approaches for Securing Web Applications
Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don't understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Learn more »
Smart techniques for application security: whitebox + blackbox security testing.
An Executive's Guide to Web Application Security
Since so many Web sites contain vulnerabilities, hackers can leverage a relatively simple exploit to gain access to a wealth of sensitive information, such as credit card data, social security numbers and health records. It's more important than ever to examine your Web application security, assess your vulnerability and take action to protect your business. Learn more »
Web Application Vulnerabilities
Security managers may work for midsize or large organizations; they may operate from anywhere on the globe. But inevitably, they share a common goal: to better manage the risks associated with their business infrastructure. Increasingly, Web application security plays a significant role in achieving that goal. Learn more »
Lower the Cost and Complexity of a Mobile Workforce through Automation
 Lower the Cost and Complexity of a Mobile Workforce Learn more »
Retooling IT for a Mobile Workforce
Check out this research note from IDC for guidance. Learn more »
Today's Risky Data Environment
This paper explains how an IT and security service provider can provide a practical, manageable and reliable solution. Learn more »
Business Continuity - Are You Always Open for Business?
This Oracle business brief explains how mid-sized can improve performance by creating an IT infrastructure that makes working faster, easier and more effective. Learn more »
 
SPONSORED LINKS
 

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

White Paper: Managed Security for a Not-So-Secure World

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

Top Five CIO Challenges

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Mobile Security: The Essential Ingredient for Today's Enterprise

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

eBook: How Can You Make Your People Productive Anywhere?

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Streamline IT Costs. Boost Performance with WAN Optimization.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords