This week we're relaunching our Security Awareness campaign at work. In honor of that, I thought we should re-sample a past post on this subject. Enjoy!
I was recently reading an interesting article at SearchSecurity entitled Staff infection: IT security education is contagious. The article notes that security is the responsibility of every individual and that for an organization to have even a semblance of security, there has to be both buy-in and shared action by the members of the organization.
The article, very correctly, mentions:
Even in today’s world, the general IT worker tends to view security as a barrier and a pain. It is implemented by someone else, and it makes their job harder to perform.This is one of the key problems caused by many security programs. The information security industry often causes problems for itself by being difficult and inflexible. Security is often viewed as a barrier. Security is the group that adds extra requirements, delays projects and increases costs. And with all of that, Security can't guarantee prevention, nor even provide a reliable probability of, an incident or breach.