For over 30 years, the security community mantra has been to deliver annual or regular security awareness education sessions to staff. And for over 30 years, the “big stick” approach has failed to produce any appreciable results. For the most part security awareness training has become ” a corporate check box” and is used to satisfy audit requirements. Despite accumulating some metrics, awareness has not reduced the vulnerabilities nor improved the security posture in organizations. A new approach is needed and the “branding” needs to be altered. This session will look at the changes being made in Cyber Security Awareness at the Ontario Provincial Government.
October 22, 2014 | Management (718b) | 10:15 – 11:15