
Why an Effective Security Awareness Program Needs Security Champions in Your Organization

As organizations grapple with how to stay ahead of evolving cybersecurity threats, many are adopting a culture of security. A security culture is built around the idea that cybersecurity is everybody’s business, not just the IT or cybersecurity team’s responsibility.

Getting an entire organization to buy into a “security first” mindset, however, is no small task. This may be especially challenging for an information security or IT team that’s used to working in silos and is not well-equipped to communicate its messaging organization-wide.

That’s where security champions come in. A cross-departmental team of security champions can evangelize your security-awareness program, reinforcing your key messages and ultimately helping to change behavior at all levels of the organization.

Security Awareness Training Has Limits

Security awareness is an essential component of a security culture. Since employees lead digital lives that cross the boundaries between the workplace and their personal spaces, organizations can’t just focus on securing their perimeter. Security awareness helps fortify what infosec professionals like to call the weakest link in an organization — people — by creating awareness of how their behavior, whether on company premises or off, impacts their employer’s information security.

Oftentimes, however, organizations build their awareness program entirely around training modules and maybe supplemental educational materials such as newsletters. While high-quality training is an effective practice that should be a component of every awareness program, it’s limited in scope.

To affect the culture, your organization needs security champions who can reach across the entire business operation and consistently communicate the security message as it aligns with the organization’s mission and objectives. These champions become trusted resources for their peers while at the same time bridging the communication gap between the security practitioners and the rest of the business functions.

The Roles of the Security Champion

The idea (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/p7yniObG0yY/