Information Security Awareness Programs: An Integral Part of Security Management


One of the greatest risks to a company’s information security is not a shortcoming in the technical control environment but rather the action or inaction of its employees that leads to security incidents (PCI, 2014). For instance, information disclosure leading to a social engineering attack, access to sensitive information unrelated to the employee’s role, and failure to report unusual activity are some of the scenarios that could result in the compromise of an organization’s information security and privacy. Information security awareness programs also help address problems related to regulatory compliance, such as FISMA and HIPAA. Over the years, information security awareness programs have become an integral part of security management. Therefore, it is imperative for organizations to adopt a security awareness program that ensures their employees are conscious of the importance of safeguarding the organization’s sensitive and critical information, educates them to handle information securely, and makes them aware of the risks of mismanaging that information.
Information security awareness programs derived from standards and best practices mainly focus on the processes and content of the program, without considering how individuals make security-related decisions and how they synthesize security-related information (Tsohou, Karyda, & Kokolakis, 2014). An individual’s beliefs, perceptions, and biases play a significant role in influencing security policy compliance.
