CHAPTER 8: BEYOND AWARENESS

As important as awareness campaigns and compulsory training are, they can only go so far. Training works best when it is regularly reinforced by experience, and this is a problem in the case of security. Successful security is measured by the absence of bad events rather than the occurrence of good ones. Consequently, opportunities to reinforce positive behaviour are limited. As mentioned above, punishing staff involved in security breaches, except in cases of deliberate intent or blatant recklessness, is not a good idea. It encourages secrecy and gets in the way of learning, at both the individual and the organisational level.

For similar reasons, measuring the effectiveness of awareness and training campaigns can be difficult. ...
