Wednesday, April 29, 2009

ENISA and Security Awareness

In June I will be speaking at an ENISA conference in London on security awareness. The conference theme is the “growing requirement for information security awareness across public and private organisations". ENISA is quite active in the space of security awareness, and you can see their portfolio of work here. Better security awareness might have prevented the loss of an unencrypted USB stick by an MI6 agent, which as reported recently, lead to a £100 million anti-narcotics operation being abandoned due to compromised data.

One interesting awareness report from ENISA is a survey on current awareness practices and success criteria. The report is short at 24 pages given the generous margins and large graphical embellishments. I have included an important chart below that shows a list of techniques and their effectiveness at raising awareness (as determined by the survey participants)
imageClassroom training (face-to-face interaction) was judged to be the most effective method, and by some margin. Promotional material had no redeeming features, and CBT courses were only slightly ahead of leaflets and just on par with regular mail outs. But please read the whole report to get the whole picture. In any case, the chart is a good discussion point for your next security team meeting.

Related Posts

3 comments:

CHEAPSOCCERUNIFORM said...

I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up
Eeveryone love fashion clothing, Polo Ralph Lauren is very popular all over world, that is my dream to get Ralph Lauren Polo Shirts, now there are lots of online shop which are Ralph Lauren Polo Outlet, it will be convenient for us, you can buy Discount Polo Ralph Lauren there.

boy labyog said...

Why you don't try mens trousers for your outlook?

Peter Thomos said...

This the excellent post which I have seen and it helped me a lot , Thanks for sharing it!!
it security awareness course