Information Security Awareness - It's Time We Know What Works
Unfortunately, making such an assertion is much harder than it sounds: simply identify a cyber security awareness slogan, icon, or training methodology that permeates the airwaves, cuts through today’s online clutter, and results in a workforce that doesn’t fall for phishing emails, understands that financial institutions will never email requests for account owners’ passwords, and is conscientious in applying the latest operating system and client-side application software patches. Just as importantly, we must know why the slogan is effective and why it is able to get consumers and employees to modify their thinking and behavior.
Without understanding “why” a particular awareness campaign works, the information industry will not be prepared for when the next generation of cybercrime and malware is effective on the next generation of Netizens. For this reason, research into cyber security awareness campaign effectiveness is paramount.
Forty years before the personal computer was born, the Advertising Council created the advertising mascot/ icon Smokey Bear (who is, often, incorrectly called Smokey the Bear) to educate Americans about the dangers of forest fires and wildfires. Per the Ad Council, 95% of adults recognize Smokey Bear and his slogan, “Remember… Only YOU Can Prevent Forest Fires”; however, I am unaware of any research and measure of effectiveness that emphatically concludes the U.S. National Park Service’s investment in the Smokey Bear advertising campaign has reduced the number of forest fires or wildfires. This is not to say that our beloved Smokey Bear campaign is not worthwhile. It is just that everyone is extremely cost conscientious and measuring an advertising campaign’s return on investment (and then investing only in effective campaigns) is a necessary evil; however, it implies a correlation between a message or training and something that doesn’t happen. And this “proving of a negative” will also be an issue in an effectiveness measure of just about every cyber security awareness campaign: we might be able to determine why a consumer clicks on a link but will we be able to determine which catchy slogan or training tidbit caused someone not to open a malicious attachment?
Today's Threat Landscape Requires Adaptive Security
Staying Abreast of Application Development and Delivery
How to Ensure Information Security when Outsourcing Your Projects
This Is How Your Computer Gets Hacked!
By Pete V. Sattler, VP-IT & CIO, International Flavors &...
By Benjamin Beberness, CIO, Snohomish County PUD
By Gary Watkins, CIO of IT Shared Services, KAR Auction...
By Tonya Jackson, VP Global Supply Chain, Lexmark
By Chad Lindbloom, CIO, C.H. Robinson
By Ryan Fay, CIO, ACI Specialty Benefits
By Kris Holla, VP& CSO, Nortek, Inc.
By Shawn Wiora, CIO & CISO, Creative Solutions In Healthcare
By Michael Alcock, Director-CIO Executive Programs &...
By Jeff Bauserman, VP-Information Systems & Technology,...
By Wes Wright, CTO, Sutter Health
By Peter Ambs, CIO, City of Albuquerque
By Mark Ziemianski, VP of Business Analytics, Children's...
By Jonathan Alboum, CIO, The United States Department of...
By Ryan Billings, MS, MBA, Executive Director, Digital...
By Christina Clark, Managing Principal, Cresa
By Evan Abrams, Associate, Steptoe & Johnson LLP
By Holly Baumgart, Vice President-Information Technology,...
By Melissa Douros, Director of Digital Product Management,...
By Andrew Palmer, SVP & Chief Information Officer, U.S....