June 15, 2016

Awareness Is Only the First Step

A framework for progressive engagement of staff in cybersecurity.

While security communication, education, and training are meant to align employee behavior with the security goals of the organization, they are not always designed in a way that can achieve this. As a result, senior management does not know whether recommended security behavior is actually followed in practice by all staff. The root cause of this disconnect is that businesses do not know how to engage their employees for the long term; they end up using tick-box exercises, which leave employees retaining little knowledge instead of delivering the desired goal of improved security.

HPE, in collaboration with the Research Institute in Science of Cyber Security at University College London and the UK government’s National Technical Authority for Information Assurance, published a new whitepaper, Awareness Is Only The First Step, to help organizations establish a framework for security awareness that will empower employees to become the strongest link—rather than a vulnerability—in defending the organization. Key findings for developing a strong employee program include:

  • A combination of communication, education and training (CET) activities can build greater security awareness and lasting behavior change.
  • Remove impossible security tasks as part of an essential security hygiene process.
  • Security awareness campaigns must be tailored, ongoing, and involved.
  • Balance the prescriptiveness of policies with the practicality of enacting them.
  • Communicate the value.

