Information Security Awareness - It's Time We Know What Works
Unfortunately, making such an assertion is much harder than it sounds: simply identify a cyber security awareness slogan, icon, or training methodology that permeates the airwaves, cuts through today’s online clutter, and results in a workforce that doesn’t fall for phishing emails, understands that financial institutions will never email requests for account owners’ passwords, and is conscientious in applying the latest operating system and client-side application software patches. Just as importantly, we must know why the slogan is effective and why it is able to get consumers and employees to modify their thinking and behavior.
Without understanding “why” a particular awareness campaign works, the information industry will not be prepared for when the next generation of cybercrime and malware is effective on the next generation of Netizens. For this reason, research into cyber security awareness campaign effectiveness is paramount.
Forty years before the personal computer was born, the Advertising Council created the advertising mascot/ icon Smokey Bear (who is, often, incorrectly called Smokey the Bear) to educate Americans about the dangers of forest fires and wildfires. Per the Ad Council, 95% of adults recognize Smokey Bear and his slogan, “Remember… Only YOU Can Prevent Forest Fires”; however, I am unaware of any research and measure of effectiveness that emphatically concludes the U.S. National Park Service’s investment in the Smokey Bear advertising campaign has reduced the number of forest fires or wildfires. This is not to say that our beloved Smokey Bear campaign is not worthwhile. It is just that everyone is extremely cost conscientious and measuring an advertising campaign’s return on investment (and then investing only in effective campaigns) is a necessary evil; however, it implies a correlation between a message or training and something that doesn’t happen. And this “proving of a negative” will also be an issue in an effectiveness measure of just about every cyber security awareness campaign: we might be able to determine why a consumer clicks on a link but will we be able to determine which catchy slogan or training tidbit caused someone not to open a malicious attachment?
Today's Threat Landscape Requires Adaptive Security
Staying Abreast of Application Development and Delivery
How to Ensure Information Security when Outsourcing Your Projects
This Is How Your Computer Gets Hacked!
By James Seevers, CIO & GM, Toyoda Gosei
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Bruce. D. Smith, SVP & CIO, Information Systems, Advocate...
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Bernd Schlotter, President of Services, Unify
By Patrick Hale, CIO, VITAS Healthcare
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Bill Dow, SVP and General Manager of Business Solutions,...
By Jim Whitehurst, CEO, Red Hat
By Darren Cockrel, CIO, Coyote Logistics, a UPS Company...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By David Tamayo, CIO, DCS Corporation
By Neil Hampshire, CIO, ModusLink Global Solutions, Inc....