One Article Review

Source NoticeBored
Identifier 1495741
Publication date 2019-12-09 19:47:45 (seen: 2020-01-03 15:00:04)
Title NBlog Dec 9 - ISO27k security awareness
Text Our two-hundred-and-first security awareness module concerns the ISO27k standards.

The quotation from ISO/IEC 27000 is right on the button: information is worth securing because it's valuable, essential in fact. Inadequately protected organizations hit by ransomware incidents know that only too well, with hindsight ... which is of course 20/20 ...

... And that reminds me: as the NoticeBored service draws to a close, I'd like to think we'll be leaving the world in a better state in 2020, but to be honest we've made little impression. Pundits have long advised that security awareness is important. An increasing proportion now recommend regular awareness activities. A few even suggest a continuous or ongoing approach. Perhaps they've been listening. I've been banging that drum for 20 years.

As we hand over the reins, I hope the information security management and awareness pros will finally come to recognize the value of not treating their awareness audience as one amorphous blob, disparagingly called "users". As far as I know, NoticeBored remains unique in addressing two discrete audiences within "users" (we much prefer the term "workers") with distinct information needs: managers and professionals. Given their markedly different concerns and responsibilities, it's hardly surprising (to me!) that they find little of value in conventional security awareness content and fail to participate in the usual awareness activities. They are largely disinterested and disengaged, substantially weakening the organization's security culture, like a three-legged milking stool missing two of its legs.

ISO/IEC 27002:2013 section 7.2.2 takes a page to say not very much about security awareness: I must take a close look at the awareness section in the draft update to '27002, currently extruding its way through the ISO/IEC sausage machine towards publication at the end of 2021.
Sent Yes
Tags Ransomware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.