Biz 'royally sucks' at building security awareness

IT management needs to make executives believers before they start implementing their security strategies, according to a longtime security adviser.

IT pros must consider the interests of executives in order to promote a security culture at an organisation, according to a longtime security consultant.

While addressing and developing a healthy security strategy starts from the bottom up, Codenomicon chief security strategist Ira Winkler said it's the top-level executives who need to be convinced first.

"In order to really enforce people, you need to get top level buy-in," Winkler said during his session Wednesday at RSA Conference 2013 in San Francisco.

"Without high-level support, you have no authority."

IT management must know how to "speak business" and communicate with executives to obtain the financial backing needed to appropriately address security in the organisation, Winkler said. That means making senior management understand that good security isn't another budget line-item – it actually ends up saving a business money. 

"Demonstrate how you are critical to the success of the organisation," he said. "Once you have the authority, you need to implement [the strategy] from the bottom up."

Enabling a healthy security program starts with awareness, an aspect that Winkler believes many organisations "royally suck" at. He said that end-user training programs should be more than a "one-time, once-a-year thing."

"Security programs fail because they assume common knowledge," he said. "Awareness programs need to create a common knowledge so users can exercise common sense."

Winkler strongly advises limiting the number of times security professionals say "no," which he believes should, by default, never happen.

"You listen to what the company wants to do and you figure out how to enable it," he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition