Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    For the Thousandth Time: Security is About Training Users

    By
    Anne Chen
    -
    November 13, 2002
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      You can throw as much technology as you want at securing your organization but, when it comes down to it, you dont stand a chance unless your end users are aware that what they do—or dont do—has a lot to do with how secure your enterprise is.

      At the 29th Annual Computer Security Conference and Exhibition in Chicago this week, security vendors and consultants kept stressing one point: Security is mostly a people issue, not a technology issue.

      Here at eWeek Labs, weve written so many stories on the importance of internal security policies, on security training for employees, and on social awareness that IT managers reading these stories probably roll their eyes and think, “Well, duh.” But guess what? We continue to receive an inordinate number of letters from IT managers commenting on how idiotic their end users are when it comes to security. If an end user doesnt realize you have to remove a mouse from its packaging in order to use it, can you realistically expect him or her to realize that scribbling a password on a Post-It note tacked to a computer monitor is not what you meant by “safe-keeping?”

      Snicker all you want, but its true. Just ask Joe Duffy, Partner-in-Charge of the Security Practice within PriceWaterhouseCoopers Global Risk Management Solutions (GRMS) practice, who has heard his share of security breach scenarios involving employees. Duffy, who at the conference presented a model for figuring out how much security is enough, would be the first to tell you that managers need to consider training when determining how much to budget on security.

      The CS/FBI Computer Crime and Security Survey 2002 found that 90 percent of respondents (primarily large corporations and government agencies) detected computer security breaches. Of that group, 43 percent were able to quantify a total of $455,848,000 in financial losses. Hoping to stave off some of those losses, IT managers are finally taking steps to train their employees. At the Federal Reserve in Washington, D.C., Kathryn Ogborn inundates new employees with security training, and messaging designed to promote awareness. And at St. Jude Medical Inc. in St. Paul, Minn., David Stacy developed a multi-language IT Security Awareness e-Learning program used by 4,000 users in 22 countries.

      These IT managers are among the few making inroads toward securing their corporate infrastructures by focusing on training of end users. Unfortunately, however, many others have learned why its so hard to sell top management on investing in security training for end users: Deploying a global e-Learning curriculum isnt cheap, and its impossible to show a clear return on investment. Still, if enterprises are ever going to really solve their security problems, IT managers will have to find a way to sell the bean counters on end user training.

      How are you selling CXOs on security awareness programs? Write to me at anne_chen@ziffdavis.com

      Anne Chen
      As a senior writer for eWEEK Labs, Anne writes articles pertaining to IT professionals and the best practices for technology implementation. Anne covers the deployment issues and the business drivers related to technologies including databases, wireless, security and network operating systems. Anne joined eWeek in 1999 as a writer for eWeek's eBiz Strategies section before moving over to Labs in 2001. Prior to eWeek, she covered business and technology at the San Jose Mercury News and at the Contra Costa Times.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×