Establishing an Information Security Awareness and Culture
Peter Korovessis, University of Plymouth, UK
Apart from graduates of computer science or related disciplines, most of us were not trained to be knowledgeable cybersecurity users during our education. We mainly receive on-the-job training in cybersecurity. Peter Korovessis’ research paper ‘Establishing an information security awareness and culture’ explains why there is a tremendous need for more effective user training to enhance security awareness. The author surveyed university freshmen and seniors to find out whether they gained cybersecurity knowledge during their years in college. He concluded that students' awareness of information security concepts is not at a sufficient level when they enter university education and does not change significantly as they progress through their academic life towards entering the workforce.
Without any prior education in cybersecurity, a single mindless click by an employee is enough to defeat the whole company's security. The US National Strategy to Secure Cyberspace has identified employees as a key factor in securing cyberspace. No matter how much money an organization has invested in cybersecurity, if it does not raise the security awareness of its employees, it is like storing jewelry inside a well-designed, highly secure safe and leaving the door open and unlocked.
Peter Korovessis has developed a practice of security awareness training called the security toolkit. The toolkit combines different psychological theories, such as the behaviorist and cognitive learning theories, to achieve the most effective learning outcome. The end goal of the toolkit is not just to equip end users with security knowledge but also to develop a culture in which they become competent and confident users of technology.