Case Study: a bold new approach to awareness and education, and how it met an ignoble fate
2006; Elsevier BV; Volume: 2006; Issue: 5 Linguagem: Inglês
10.1016/s1361-3723(06)70355-4
ISSN1873-7056
Autores Tópico(s)Information Technology Governance and Strategy
ResumoExperts, Dario Forte and Richard Power analyse a real-life radical security awareness program that spanned a 100-country confederation, reaching 100,000 employees. The global entity was initially hostile to security and lacking in command structure. The awareness program tactics were based on 21st century warfare techniques. The program didn't play on fear or talk-down to staff. It empowered them by pointing out how IT security could be applied at home and in their lives. An organization-wide security day took place. Also, the Chief Security Officer headed up a special hierarchy consisting of an Intelligence Officer and a Communications Officer. General staff, IT professionals and executives all received tailored communication. The program delivered training, events, E-learning modules and newsletters. The literature was translated into 20 languages. However, executive briefings were only one-page long. The management team were never told about a problem without also been told what was been done to mitigate it. In addition, new joiners became indoctrinated in IT security as part of their induction. The program started to make security second nature to some. It created a flutter of proactive responses from employees. More than 80% of IT Directors said the program put the organization in a stronger security position. The only problem - it was just a little too successful for the executives to handle. Below is a case study on the launch of a powerful, unique and comprehensive awareness and education program for a global entity, which we will refer to as Entity X. In the course of the case study, we will articulate the essential components of an effective and economical program, and explore some of the critical issues involved in developing it, rolling it out and institutionalizing it.
Referência(s)