
Why you shouldn't train employees for security awareness

Dave Aitel | July 19, 2012
If there's one myth in the information security field that just won't die, it's that an organization's security posture can be substantially improved by regularly training employees in how not to infect the company.

There's a lot of money and good feeling in running employee training programs, but organizations will be much better off if the CSO/CISO focuses instead on preventing network threats and limiting their potential range. Employees can't be expected to keep the company safe; in fact it is just the opposite. Security training will lead to confusion more than anything else.

By following an offensive security program, companies can keep their networks, and employees, protected.

Dave Aitel, CEO of Immunity Inc., is a former 'computer scientist' for the National Security Agency. His firm specializes in offensive security and consults for large financial institutions and Fortune/Global 500s.

