Tuesday, November 16, 2010

Mark Gardner


Last week I "attended" a Cisco web event regarding their Connected World report. This event covered, amongst other things, Security Awareness.

You can download your own copies of the report(s) right here.

To many, Security Awareness is an activity purely to ensure compliance with various standards.

However, when, in this report, 41% of respondents either do not have or, crucially, do not know if they have IT policies in place, it shows the potential impact to security of a lack of awareness.

A human being with a computer is always the weakest link in the chain; without proper awareness, that chain could snap at any time. This means all technical security put in place could be rendered useless by the actions of one well-intentioned, if ill-informed, employee.


To put it further into context, when approximately 3 out of 5 employees feel they do not need to be in an office to do what they do, then awareness is even more of a key activity.

Today's environment is highly pressured, with people needing to get the job done, generally in record time. What this report showed is that 40% of people who responded have broken policies to get the job done.

This is not just an awareness issue; compliance standards and IT policies have to catch up to the rate of technology change. However, awareness should be a two-way street, with communication between the security professionals writing the policies and the user base.

This can then lead to questions about how best to work adhering to the policy, as well as to policy makers finding out new areas where said policies are lacking.

Use of personal devices, currently still prohibited in many companies, may become more and more prevalent as the use of iPhones, iPads etc. increases and becomes more commonplace.

Therefore, security awareness regarding their use, particularly in the workplace, becomes more and more important. To put this into context, by 2020 it is expected that there will be 16 billion internet-enabled devices worldwide.

Security Awareness should be spread over a portfolio of media, from internal networking sites, to e-mail, Instant Messaging broadcasts, Computer Based Training, posters like this one and face to face presentations.

Done correctly, it is only by giving face-to-face presentations that users can see the real importance of the policies and procedures and of maintaining security. More and more, I predict, these shall be given over video conferencing, be it Skype or other mediums.

Video is the crossover from the entertainment world into the business world, and real benefits can be realized by the use of video in the workplace. However, security controls around its use, both technical and personnel-focused, need to be devised and strengthened in order that video can be used correctly.

In a new, more open internet age, where privacy is somewhat discarded, the threat to the enterprise is increased because of the blurring between home and work. It is only by shouting above the noise to get the security message across that the enterprise can be protected.

