154 ◾ Information Security Management Handbook
and equip their staff to handle confidential information. Let us call it installing a more effective
“human firewall.” The staff will better accept change management and be less resistant to controls
and documentation. Awareness is a powerful defense for protecting networks and also prevents
humans from being exploited. It can make them feel like they are a valuable and important part
of the company as well.
Security awareness must go beyond a simple annual workshop to present security policy and
procedures. The security program must do more than simply inform users not to click on an
attachment. Educating the end users properly is often the only way to protect against many of today’s
targeted attac ...