Testing Assumptions About Security Awareness

Advisor

Testing Assumptions About Security Awareness

Posted December 6, 2011 | | Amplify

It's clear that our once-a-year, work-your-way-through-a-slide-set approach to computer security training doesn't work. Even with this training, people still write down their passwords, click on links in emails from untrusted sources, and download free software with unknown provenance. For example, last year, 10,000 New York State employees were sent a phishing email to test their ability to recognize suspicious email and links. Three-quarters of the recipients opened the email, and 17% clicked on the embedded link.

About The Author

Shari Pfleeger

Shari Lawrence Pfleeger is Director of Research for the Institute for Information Infrastructure Protection (I3P), a consortium of 27 US universities, national laboratories, and nonprofit research institutions examining critical problems in cyber security, dependability, safety, and reliability. Dr. Pfleeger's work examines how technology supports business and government goals. Her many articles and books include Security in Computing (with… Read More

Don’t have a login? Make one! It’s free and gives you access to all Cutter research.

	The Cognitive Enterprise: Integrating Security and Risk Management
	Calculating PE Benchmarks at the World's First Scrum Restaurant
	Digital Transformation Takes a Managed “Messy” Architecture
	Business Architecture: Strategy Execution’s Secret Weapon
	All About Agile Integration and Testing
	The Cutter Edge: Prepare a Security Incident Response Plan, Span the Customer/Work Gap, Fall Bookstore Sale

Testing Assumptions About Security Awareness

Subscribe to free newsletters

Contact us