Scott Wright over at Streetwise Security Zone graciously invited me to do a podcast interview with him to discuss information security, privacy and compliance training and awareness issues. In the last half of February I had the pleasure of taking him up on his invitation!
You can hear the full podcast here.
Here are the notes Scott compiled about our discussion topics:
- The disturbing trend of cutbacks leading to greater risks
- The need to do initial organizational assessments before applying security controls
- Security inadequacies stemming from a “compliance” mentality
- How technology-oriented business drivers are leaving security and privacy considerations behind
- Why off-the-shelf products require increased focus on security awareness
- Economic influences on employee likelihood of becoming insider threats
- What types of cutbacks are organizations making that are potentially dangerous?
- Rationalizing security as a “foundation” investment instead of an unnecessary expense
- Compliance with regulations is not sufficient for most businesses
- How are the most regulated industries doing with security and privacy?
- How awareness affects quality and mistakes
- How management’s skepticism about training becomes a self-fulfilling prophecy if they skimp on quality
- How training quality can be improved
- How much can you expect people to remember from a single class?
- How to make training content stick over time
- Why measurement of student retention is important in getting good results
- How the Honey Stick Project relates to measuring security awareness
- Rebecca’s “Protecting Information” newsletter’s metrics tips
- The impact of being able to show metrics
- What about the new US government’s position on information security and privacy going forward?
- Should Obama be able to keep his BlackBerry?
- Electronic Health Records (EHR) and Medical identity theft
- Rebecca’s eye-opening experience, and the importance of “knowing your audience’s motivations and objectives” when talking about security
- Why executives aren’t hearing IT people’s messages about security
- Innovative approaches to security training that have provided good results for Rebecca
If you listen to it, please let me know what you think! I always welcome feedback.