User awareness harms security

Communication is the key to securing the enterprise, according to Meta Group, as its latest research reveals that 75% of organisations believe that a lack of end user awareness harms their security programmes.

  • E-Mail
By  Matthew Southwell Published  October 5, 2003

Communication is the key to securing the enterprise, according to Meta Group, as its latest research reveals that 75% of organisations believe that a lack of end user awareness harms the effectiveness of their security programmes.

To help resolve this state of affairs, the analyst house recommends that employees working in IT security improve and place greater emphasis on measuring their communication skills.

"An ideal answer is to establish a well-funded and well-staffed security communication programme," says Meta Group security analyst, Chris Byrnes.

To help overcome the obstacle of poor communication, Meta Group suggests end user organisations implement annual reviews and include communication skills analysis in their initial hiring criteria for security staff.

"Certainly, the ability to configure and maintain security enforcement tools is at the core of the position, but the importance of communicating security policy to end users is critical to obtain their cooperation in security initiatives and therefore should not be given short shrift," says Byrnes.

"As security teams focus on policy and audit/compliance, the success of those security initiatives depends on obtaining cooperation from end users, executive management, and IT and business managers," he adds.

However, even if companies take Meta's advice and begin to address their lack of communication, the impact of the strategy shift will not become apparent in the short term. In fact, the analyst house says it can take a number of years before there is any noticeable difference.

"Developing the corporate culture to support that level of investment takes years of effective communication by the existing security staff. In fact, most organisations will fail to successfully secure their technology environment simply because the security staff lacks the communication skills to create this shift in corporate culture," says Byrnes.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code