IN THIS CHAPTER

Recognizing the importance of security awareness

Working with a security awareness program

Knowing where awareness fits within a security program

Getting why the so-called “human firewall” doesn’t work

A successful security awareness program motivates people to behave according to defined practices that decrease risk. Creating a program that successfully changes behavior throughout an organization involves more than simply communicating a bunch of facts about security awareness. Just because people are aware of a problem doesn’t mean they will act on their awareness. In other words, awareness doesn’t guarantee action. (Everyone knows that fast food isn’t the healthiest choice, but most people still eat it.) This chapter sets the foundation for understanding the issues and the solutions.

Understanding the Benefits of Security Awareness

The thinking behind security awareness is that if people are aware of a problem, they’re less likely to contribute to the problem — and more likely to respond appropriately when ...