
Information Security Awareness - It's Time We Know What Works


Michael G Carr, CISO, University of Kentucky, Mike is the Chief Information Security Officer (CISO) for the University of Kentucky. He earned his Juris Doctor (JD) degree from the Salmon P. Chase ... More >>
Unfortunately, making such an assertion is much harder than it sounds: simply identify a cyber security awareness slogan, icon, or training methodology that permeates the airwaves, cuts through today’s online clutter, and results in a workforce that doesn’t fall for phishing emails, understands that financial institutions will never email requests for account owners’ passwords, and is conscientious in applying the latest operating system and client-side application software patches. Just as importantly, we must know why the slogan is effective and why it is able to get consumers and employees to modify their thinking and behavior.
Without understanding “why” a particular awareness campaign works, the information industry will not be prepared for when the next generation of cybercrime and malware is effective on the next generation of Netizens. For this reason, research into cyber security awareness campaign effectiveness is paramount.
Forty years before the personal computer was born, the Advertising Council created the advertising mascot/ icon Smokey Bear (who is, often, incorrectly called Smokey the Bear) to educate Americans about the dangers of forest fires and wildfires. Per the Ad Council, 95% of adults recognize Smokey Bear and his slogan, “Remember… Only YOU Can Prevent Forest Fires”; however, I am unaware of any research and measure of effectiveness that emphatically concludes the U.S. National Park Service’s investment in the Smokey Bear advertising campaign has reduced the number of forest fires or wildfires. This is not to say that our beloved Smokey Bear campaign is not worthwhile. It is just that everyone is extremely cost conscientious and measuring an advertising campaign’s return on investment (and then investing only in effective campaigns) is a necessary evil; however, it implies a correlation between a message or training and something that doesn’t happen. And this “proving of a negative” will also be an issue in an effectiveness measure of just about every cyber security awareness campaign: we might be able to determine why a consumer clicks on a link but will we be able to determine which catchy slogan or training tidbit caused someone not to open a malicious attachment?
CIO Review Clients : Flagship , PCMI
Media Partner : CIO Review | B2B Online 2020
CIO Review Press Releases : CIO Review | One Stop Systems
See Also:
ON THE DECK
Featured Vendors
THETA432: Performance, Precision, Efficiency, Visibility - The Key to Incident Response and Answer to the Talent Shortage
EveryCloud Technologies: Delivering Powerful Email Filtering Services" title="Graham O'Reilly, CEO & Co-Founder" style="float:left; margin-right:10px; margin-bottom:20px;" width="60px" height="50px">
EveryCloud Technologies: Delivering Powerful Email Filtering Services
Onepath: A Responsive Info-Security Management Framework – the easier way to dramatically improve your overall info-security posture
Covenant Security Solutions, Inc.: Revolutionary Solutions to Mitigate Security and Compliance Risks
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Hybrid Work Has Forever Changed The Need For It In Ramboll
How T-Mobile brought an Un-carrier approach to tech hiring
Every Changing Labor Force
Great Expectations: Balancing the diverse needs of a city in a...
Community Banks And Digital Banking
"Discovery and Delivery" - An Approach to IT Workload Balance
