Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What prevents breaches: process, technology or people? One answer is PC, and one is right

Ira Winkler | April 13, 2017
Many experts say that people are more important than process in the IT security world.

Awareness programs should focus on informing people about the behaviors specified within the governance documents, not random best practices. A good awareness program tells people what they should be doing, not what they should be worried about. Assuming governance is complete, when faced with a social engineer who wants an employee to do something wrong, the employee would follow procedures and not fall prey to the attacker.

Before you address the people problem, you need to ensure you know specifically how you want the people to behave, and especially how you intend to inform people of those expectations. That is process. In the Process-Technology-People triad, it is where it all begins. It might be politically correct to say people come first, but it is still wrong.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.