Chapter 11

Introduction

Educating your workforce about cybersecurity through an awareness program is a foundational requirement that all cybersecurity standards share. So why don’t we have a well-educated workforce when it comes to cybersecurity? Perhaps too many organizations, when they recognize the need for a cybersecurity awareness program, treat it like a change management effort: roll it out just in time, then add it to the corporate training curriculum. We know that approach is not effective.

Bill begins this chapter by recalling that there have been other large-scale societal changes that have required massive, sustained awareness programs. He outlines the commonalities between these programs and allows the reader to draw inferences that will help put their program into context and set it up for success.

Matt continues the discussion by showing how each member of the executive team must buy in and be part of the solution. Education and awareness are about people, and specifically about the role each of us plays: that role is personal to every one of us, and through us it becomes personal for each organization.

Gary then shows us how important it is to measure what we do and, more importantly, to build a habit of learning from each breach and changing the training content so that it evolves as our threat environment evolves. Tying our metrics to our awareness program is a powerful concept and will help any team be more successful by focusing on continual improvement.

The authors would like to pose some important questions to think about as you read this chapter:

· What are the “lessons learned” from industry data breaches that can be used to reduce our organization’s risk exposure to these adverse events?

· How successful is training our staff in actually preventing breaches, versus having the right software and hardware in place?

· Does our organization have a culture of cybersecurity awareness, and do we have a program to educate our staff?

· What is our Incident Response Plan, and how do we train staff, stakeholders, and partners on how to use this plan?

Copyright © 2016, 2018 CISO DRG JV – All Rights Reserved.