Moving from Consciousness to Culture: Creating an Environment of Security Awareness
By Mary Munley
Although the aftermath of September 11th has brought to the forefront the realization that security threats are real, most companies are still far from creating a culture of security awareness within their organizations. This is particularly true with information security even though recent surveys have shown that corporations are worried about the financial impact of threats and attacks against their computer systems. Unfortunately, many of these same organizations are still focusing primarily on technical solutions such as firewalls, anti-virus software, patches, biometric devices and the like, to protect themselves against these threats. They have failed to take an overall holistic approach to security by combining technology with awareness. Most have recognized the importance of having clear and enforceable policies, but have stopped short of developing a comprehensive, ongoing awareness program.