Read the book Security Awareness For Dummies - Ira Winkler - Page 38

Understanding the Role of Security Awareness

Awareness is just one tactic within an overall strategy to reduce the risk associated with user-initiated loss. If you’re in charge of your organization’s overall efforts to mitigate user-related loss, you need to consider awareness as one tool in your arsenal. If you’re responsible solely for awareness, you need to understand your place within the overall loss-reduction strategy.

Users can fail only if the technology around them provides them with the opportunity to fail. A user can’t click on a phishing message, for example, unless all the antiphishing technologies in place failed to filter the message in the first place. Of course, technology fails significantly less often than users fail. For this reason, you need to either frame your efforts accordingly or work with the teams that provide the users with the environment.

Here are some ways other teams can help:

• Work with the teams that provide the technical security environments to reduce the opportunities presented by the environment for users to initiate losses.

• Work with the teams that manage the technology that anticipates harmful user actions, such as data leak prevention tools, to mitigate the harm from the actions proactively.

• Work with the operations team to see how users’ actions can be better defined to avoid the initiation of losses.

Security awareness is just one tactic, among many, to mitigate damage caused by users. If you want to fail, portray your efforts as a strategy to deal with the entire problem.
