April’s awareness topic is security innovation
Introduction and scope
A key security awareness message for April is that we cannot afford to let the bad guys get
too far ahead of us, which leaves us no option but to innovate at a similar rate as them, maintaining and updating our information security, getting creative at times to address the
risks in the most effective manner.
“To keep innovating successfully, organizations must:
Invest in state-of-the-art programs that enable the company to outmaneuver adversaries instead of spending more on existing programs.
Refuse to stand still when it comes to cybersecurity; organizations need
to innovate continually to stay ahead of potential attackers”
Accenture Security Index
We also need help to spot, report and respond to emerging dark-side threats, a valuable rôle
for our extended family - the social network of information security professionals, friends and contacts, both within and without the organization.
That need stimulated our creative juices to design the wanted poster ->
The awareness module sneaks a sideways glance at the information risks and controls associated with the process of innovation. Intellectual property rights are the subject of a
complete NoticeBored module so this month a brief mention will suffice without going off at a tangent and getting bogged down in the mire of, say, patents and licensing.
The latest NoticeBored module aims to open workers’ eyes to innovation and creativity on the Dark Side (e.g. new ways for hackers, criminals and
fraudsters to target, mislead, compromise, defraud and exploit both organizations and individuals) and explore innovation and creativity on the Light Side (e.g. new ways to secure personal and corporate information, new security technologies and services etc.).
Think about your awareness objectives in relation to security innovation and creativity. Are there specific business concerns or goals in this domain, or
more broadly? Is innovation a strategic issue, for instance a part of your corporate mission?
This topic is likely to be of interest to business departments or functions with a strong creative brief (e.g. Research & Development, Marketing) and HR.
Hunt down any recent or ongoing innovative business projects, products or initiatives, quizzing the managers/leaders for information about the innovation
and security aspects. Incorporating notable comments, challenges, achievements and anecdotes is an excellent way to customize the generic
NoticeBored content for your organization. Can you persuade your contacts to help present/deliver the awareness messages in person? If not, will they
at least spare an hour to comment on and contribute to the awareness materials?
Inside the NoticeBored module
The April module is an 80 Mb ZIP file containing the following awareness materials:
That listing only briefly outlines the content. Discover the thought that went into creating the individual items, and how the whole module evolved, through the NoticeBored blog. We’re blogging right through April as we prepare the May module, so track the blog to keep up with developments.
Building a security culture through awareness
A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information.
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic,
governance, compliance and business aspects, particularly in the management stream of course but the principles underpin the general staff and
professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons.