Breaking Out of the Compliance Mindset

By ISBuzz Team, Writer, Information Security Buzz | Oct 23, 2013 04:50 am PST

In a new blog post, Rohyt Belani, CEO of PhishMe, discusses security compliance and training. The key points include:

– Addressing security threats requires a new direction away from the mindset that compliance equals security. While compliance is a requirement for many organizations, compliance does not equal security.

– Security awareness has traditionally been associated with the compliance side of security, but to be truly effective, it needs to focus on current threats and evolve with the threat landscape.

– Compliance is useful in that it forces organizations to focus on security, but security departments should no longer view compliance as anything more than what it is – the floor, not the ceiling.

– Compliance-driven training will only require that you prove people have completed the training; it won’t require any proof that employees can apply the information provided during training. Checking off the security awareness box on your compliance checklist is necessary and it may feel comforting, but it’s a false sense of security.

– Just as organizations have unique needs, humans have different needs as well. Applying a one-size-fits-all approach to training will meet compliance needs, but it won’t be as effective as continuous training with multiple education modes that appeal to a variety of learning styles. Your security awareness program needs to evolve beyond annual training into a living, continuous program.

– While compliance struggles to keep pace with emerging threats, security awareness that succeeds in improving employee behaviour could keep you ahead of the curve. The adversaries are dynamic, creative humans; having security-aware employees with the skills to identify anomalous activity as a strategic objective will go much farther than checking the box.

To read the full blog article, visit: