2 responses Aug 06

Security Culture: Awareness

Advancements technology has had numerous advantages to society. However, there are many risks associated with technology that pose significant threats to data. Given a position where I would have the power to create a national culture on security, I would put in significant resources on awareness. Awareness is defined as an interest in a given situation or trend. Individuals are better placed if they get training on awareness. With awareness, I believe that individuals will be better placed to be more knowledgeable and, at the same time, proactive on the threats to information security.

The advantages that organizations will accrue with awareness by training include having a culture that is focused on security. With adequate training, employees will tend to understand the various threats that an entity may face (Ki-Ares et al., 2017). A perfect example will be on aspects such as phishing. Once employees understand that third parties can access the entity's information via their emails, employees will be better placed not to open emails that may lead to the vulnerability of information in an entity. Thus, with awareness, employees will be better placed to realize avenues that may be used by third parties, ensuring that they are more knowledgeable and, at the same time, proactive on the various threats associated with information security.

With awareness, employees are empowered. Employees understand the various threats that information in ana entity may face (Lee et al., 2016). Without awareness, employees may feel that they are not empowered enough to counter such threats. Human errors have always been the leading case to attacks and breaches in various entities. When employees are empowered, they are better positioned to understand the multiple interactions of data, which will ensure that there are fewer errors associated with data. In reducing the errors, companies and organizations are better placed to mitigate risks and thus ensuring at all times that information is safe.

Awareness ensures that employees and the organization's management are on the same page. With training and awareness, individuals are better placed to understand the goals of an organization. This will ensure that employees follow the set measures by a company and do not impose their own matters aspects such as BYOD, as they will be in sync with the measures that an enterprise has taken in a bid to ensure that there is information security.

In conclusion, training on awareness is an aspect that can ensure at all times that individuals are knowledgeable and, at the same time, proactive on aspects related to information security.

References

Ki-Aries, D., & Faily, S. (2017). Persona-centred information security awareness. computers & security, 70, 663-674.

Lee, H., Jeon, S., & Zeelim-Hovav, A. (2016). Impact of psychological empowerment, position and awareness of audit on information security policy compliance intention. In Pacific Asia Conference on Information Systems (PACIS). Association For Information System.