Insurance Comment

[Water Consumption]

Why Security Awareness Training Should Be Backed by Security by Design Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior. As IT organizations struggle with the security implications of remote working arrangements and the already lackadaisical attitudes about security that permeate across the enterprise user base, now is the time to change how security teams influence their users' behavior. So say experts at Information Security Forum (ISF), which this week released new guidance on how to move beyond tepid security awareness training toward more all-encompassing strategies.  Most security leaders still struggle to develop security education and awareness initiatives across the workforce resonate with users and promote sound security behavior, ISF reports. Some 65% of the ISF membership, on which its report is based, say their employees' receptiveness to existing security training is very low to medium. Some of the biggest challenges named by these respondents include a lack of applicability to job roles, mixed or inconsistent messages, and poorly developed content. New on The recommended site Edge: How Industrial IoT Security Can Catch Up With OT/IT Convergence In the report "Human-Centred Security: Positively Influencing Security Behavior," ISF recommends organizations not only overhaul their security training programs, but also fundamentally change the role training plays in prodding employees to make consistently secure choices both in the digital and physical world. Central to that is taking up the mantle of secure behavior by design. The concepts of "safe by design" or "secure by design" are well-established psychological enablers of behavior. For example, regulators and technical architects across the automobile and airlines industries prioritize safety above all else.

[Insurance] [Finance]