This snapshot, taken on 04/03/2010, shows web content selected for preservation by The National Archives.


Education and Awareness

A well-trained, well-informed workforce is one of the most powerful weapons in an information security manager's arsenal. There are many reasons why, including:

  • People are very good at spotting irregularities; much better than machines
  • A significant proportion of information security incidents occurs through staff not knowing or understanding
  • Well-motivated staff will report (and act upon) trends and incidents that no mechanised process could realistically hope to detect

The key word is motivation. Without sound motivation, no amount of knowledge or understanding will change staff behaviour. What is needed is appropriate knowledge and understanding accompanied by appropriate action.

Any information security initiative should be accompanied by a parallel education and awareness initiative. How this is done depends on many different factors, including:

  • The level of perceived risk
  • Available budget - often dependent on the level of perceived risk
  • The technical infrastructure of the organisation affected
  • Geographic spread
  • Corporate culture

The issue of education and awareness has been addressed in a number of ways, some successful and others blatantly not so. Many initiatives fail because they are unstructured. There is a growing trend to treat them as objective-driven projects.

The core result from such initiatives should be a change in behaviour.