Information Security Forum: Embedding Positive Information Security Behaviors in Employees Is Key

Latest Research Finds That Making Employees Aware of Their Information Security Responsibilities and How They Should Respond is No Longer Enough
By: Information Security Forum
May 6, 2014 - PRLog -- The Information Security Forum (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management, today announced the availability of From Promoting Awareness to Embedding Behaviors, the organization’s latest report, which explains to senior business executives, influencers and other decision-makers why a move to embedding positive information security behaviors is crucial in today’s global business environment.

According to the ISF, organizations have spent millions over recent decades on information security awareness activities. The rationale behind this approach was to take their biggest asset – people – and change their behaviors, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do. From Promoting Awareness to Embedding Behaviors proposes that making people aware of their information security responsibilities and how they should respond is no longer enough. Instead, the answer is to embed positive information security behaviors, which will result in ‘stop and think’ becoming a habit and part of an organization’s information security culture. The success of behavior change for information security should be measured through a reduction in risk, rather than what people know, or fail to know, and can choose to ignore.

“While many organizations have compliance activities which fall under the general heading of ‘security awareness’, the real commercial driver should be risk, and how new behaviors can reduce that risk,” said Steve Durbin, Global Vice President, ISF.  “The time is right and the opportunity to shift away from awareness to tangible behaviors has never been greater. The C-suite has become more cyber-savvy, and regulators and stakeholders continually push for stronger governance, particularly in the area of risk management. Moving to behavior change will provide the CISO with the ammunition needed to provide positive answers to questions that are likely to be posed by the CEO and other members of the senior management team.”

From Promoting Awareness to Embedding Behaviors helps organizations understand what ISF Members are doing about security awareness and behavioral change. This includes presenting what ‘good practice’ looks like, and proposing new and creative ideas that will improve or augment what leading ISF Member organizations already have in place. The research identified four requirements for future success:

· Develop a risk-driven program
· Target behavior change
· Set realistic expectations
· Engage people on a personal level

“Today’s leaders often demand return on investment forecasts for the projects that they have to choose between, and awareness and training are no exception. Evaluating and demonstrating their value is becoming a business imperative,” continued Durbin. “Unfortunately, there is no single process or method for introducing information security behavior change, as organizations vary so widely in their demographics, previous experiences and achievements and goals. From Promoting Awareness to Embedding Behaviors proposes a way forward for organizations that want to embed positive and sustainable information security behaviors into their organization’s culture.”

From Promoting Awareness to Embedding Behaviors is available now for purchase from the ISF Store on the ISF’s website. For more information, please contact Steve Durbin at

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from

John Kreuzer
Source: Information Security Forum
Tags: Information Security, Cyber Security, Risk Management, Data Breach, Data Privacy
Industry: Research, Security