I’m really looking forward to RSA Europe 2012 next week where I’ll be taking part in a debate about whether or not organisations should train their staff in security awareness. It is being organised by Acumin and the RANT community.
Participating with me will be:
- Christian Toon, European Head of Information Risk, Iron Mountain Europe
- Thom Langford, Director Global Security Office, Sapient
- Javvad Malik, Senior Security Analyst, 451 Research
- Rowenna Fielding, Information Security Manager, Alzheimer’s Society
- Kai Roer, a freelance author, trainer and security consultant
Thom, Rowenna and I will be arguing the no!
Of course I believe that staff awareness is a good thing. I’m just not sure if the methods we’re using to try to achieve it are working or worth the investment.
Potentially we need to throw our current ‘security awareness’ approach in the bin to get rid of the death-by-CBT legacy and start again. It wouldn’t hurt to define what it actually is before we go off spending millions trying to achieve it.
I’ve probably given away a lot of my ideas for the debate in our run-up conversations, but part of me would love it if there was a strong rebuttal to some of my points. I’d actually love to be proven wrong. Christian reckons that he’s got a debate-winning zinger ready to go – I guess we’ll see.