Читать книгу 8 Steps to Better Security - Kim Crawley - Страница 12

Security leaders believe strongly in the importance of security culture. I asked some of these leaders for their thoughts on how an organization can improve their security culture. Their ideas were varied, but they all included improving relationships. For example, Andrew Gish-Johnson at Carnegie Mellon University stressed visibility and a willingness to help. He said, “Figuring out how to do things right is tough. Finding people to help is tough. If the organization doesn't know who to talk to or finds you're not helpful, they're avoiding you as much as possible.” But if, as the CISO, you can make sure the rest of the company knows who you are and what your role is, you can help improve your security culture.

Nav Bassi, the CISO at the University of Victoria, stressed “awareness and education,” while my friend Larry, a good cybersecurity leader but a very private man, said that “gamification (making educational material like a video game)” can help ensure employees understand cybersecurity well enough that they can maintain the security culture.