Before launching into the content of her talk, “Enterprise Security Awareness Programs That Work,” at the 2018 (ISC)2 Security Congress, Theresa Frommel, acting deputy CISO for the state of Missouri, confronted the elephant in the room, asking the audience, “How many of you are nonbelievers?”
When asked whether their programs were delivered only annually, many in the room mumbled yes. Frommel also received affirmation from the audience when she asked, “Most of you are not doing repetitive monthly trainings?”
Many organisations still don’t understand why security awareness training programs matter when they don’t see significant improvements in end-user behaviour, but Frommel said behaviours can change.
By Kacy Zurkus