Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: awareness training

Agility and Risk Compensation: Exploring the Connection

– In my previous and inaugural column, I introduced the concept of a tradeoff between information security and agility, where agility was defined as “the capability to change with managed cost and speed.” Information security doesn’t necessarily have to be at odds with agility, but…

How to Make Security a Presence in Your Organization

– Welcome once again to the risk rack. In this risk rack I will be discussing a way to bring some presence to your security awareness month. To the uninitiated, National Security Awareness Month occurs in October and is supported by the U.S. Department of Homeland Security. A security program is…

Does Security Awareness Work (pt. 2)? It all Depends on What You Mean by “Work”

– Several weeks ago this column printed an article entitled, “Does Security Awareness Work? Some Answers from Experimental Research.” The article presented results from three published experiments concerning the effectiveness of awareness programs. In the final paragraph of that piece, readers…

Does Security Awareness Work? Some Answers from Experimental Research

– Shortly before the 2004 Infosecurity Europe trade show was held in London, a small group of researchers gathered at a major rail station in that city and proceeded to approach the mass of morning commuters. The researchers offered a deal to each individual: If you tell me one of the passwords you…