It’s not a secret: public and private sector organisations know the current approach to Information Security Awareness isn’t working, because User Awareness jumped to 8th place, up from 31st, on the 2011 Defence Signals Directorate* Top 35 Strategies to Mitigate Targeted Intrusions.
Fresh analysis by Department of Change Pty Ltd in its new ‘360 Report – What’s wrong with your security culture?’ has identified that many organisations are not well prepared to reduce information security vulnerability. The report suggests this is often because communication strategies and engagement tactics are inadequately managed, people remain the greatest risk, and creating a security culture is the greatest challenge.
The report includes disasters from 2011 where ‘someone’ was responsible. The finance officer at the Queensland Health Department was arrested after an alleged fraud involving $16 million; three senior managers were stood down and Premier Anna Bligh announced that the entire agency would be dismantled. A privacy breach closed Telstra BigPond email for up to one million accounts after 60,000 passwords were inadvertently displayed on the Internet.
Department of Change is a unique new business, and the first Australian company to customise security awareness services for clients by undertaking ‘forensic’ communication and training audits, and developing campaigns to educate employees, stakeholders and supply chains about their obligations.
“After completing 15 assignments at various levels of Government, I anticipated a real need in the marketplace to change the way Information Security Awareness is managed. Increasing awareness takes more than an Induction handout, a one-hour self-paced online refresher module and an IT Policy buried somewhere on the company intranet,” says Davina O’Dell, Chief of Change and Director.
“The reliance on the company’s security department to solely manage this increasingly important aspect of business operations also has some serious shortcomings. There needs to be more collaboration and strategy integration across all business areas, particularly with Communication divisions,” she says. Davina is adamant that an effective information security awareness program will significantly mitigate the chances of your company being subject to unethical behaviours which are likely to result in damage to more than one reputation.
Contact: Davina O’Dell, Email: firstname.lastname@example.org
360 Report – What’s wrong with your security culture?
[Information security is one of the most underestimated risks facing Australian organisations today, and new research highlights why it’s time to revisit your security culture. Fresh analysis by Department of Change Pty Ltd has identified that many organisations are not well prepared to reduce information security vulnerability. This is often because their communication strategies and engagement tactics are inadequately managed and new data reinforces the importance of individual attitudes towards information security.]
* Defence Signals Directorate Top 35 Strategies to Mitigate Targeted Intrusions. See report content.
Download: 360 Report – www.departmentofchange.com/360report.htm
A full day interactive Seminar: ‘Information Security Awareness – it’s not a secret.’
Thursday 22 March 2012 : Canberra
Australia’s leading panel of experts (5) will uncover the myths and facts about how to build a security culture, what works and what doesn’t. An enlightening and frightening session will cover what happens after a security incident reaches the public domain and the impact on employee and stakeholder behaviour once uncontrolled social media networks realise someone at your organisation has dropped the ball.
Keynote: Mr Trevor Smallwood, Assistant Secretary Cyber Security and ICT Skills Branch at the Australian Government Information Management Office (AGIMO), Department of Finance and Deregulation.
Download: Seminar brochure: www.departmentofchange.com/seminars.htm