Читать книгу Security Awareness For Dummies - Ira Winkler - Страница 27

The compliance budget concept highlights how employees at work have a variety of requirements placed on them and their time. They have to balance how much time they use to satisfy various required tasks. The compliance budget accepts that users may well understand the importance of good security practices. It also acknowledges that users may consider other concerns to be equally or more critical. The more embedded security practices are within a job function, the more likely the practices will be implemented.

For example, if a user is running late to a critical client meeting, even if they know that securing the workspace is important, will they run even more late to the meeting to secure their computer and lock away sensitive documents? How do they determine which correct action takes priority? If you portray the security practices in your awareness program as a should-do item, you allow the user to ignore your guidance in favor of more apparently pressing issues. If your guidance is defined as a must-do item, however, it’s much more likely to be followed and implemented.

Users are typically balancing a variety of concerns, both personal and work related, and you need to consider how you’re presenting your materials with regard to positioning security awareness, among all the other daily concerns across their work and personal lives. This is where nudges and other properly placed security reminders, as discussed in Chapter 7, can have an impact on diligent users.