Security culture isn’t just about training. Think about what impacts an employee’s risk decisions.
These are the inputs that most directly influence those decisions:
1. The formal processes people are expected to follow
2. The technologies that impact employees’ workflows
3. Employees’ individual skills, workload, perceptions and attitudes
Coordinating the variables in each of these areas to support a secure workforce is a huge task that is given very little focus in most businesses. There are so many trade-offs and prioritizations that need to be made by top management that it isn’t always obvious what the right mix of parameters is.
Photo by Hunters Race on Unsplash
For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home. (Normally valued at $450 USD)
Use Promo Code: 6WEEKS
Having a maturity model can really help in figuring out where you are, and where you want to be. But executives and the board also need to understand how investments in each of those inputs will help you get there.
Knowing HOW you can get to the desired target state is as important as knowing where you want to end up. If you’d like to learn more about how this process can be defined, I have some ideas for you.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.