Lack of user awareness is damaging the effectiveness of security systems in 75% of companies, according to Meta Group. It also found that in 66% of organisations, a lack of executive awareness was just as damaging.
The analyst group says organisations should ensure their security systems staff have the communications skills to raise awareness among users and managers. It suggests that recruitment criteria and annual reviews should address not only the security professional’s technical skills, but their ability to communicate security issues to users and managers. “The importance of communicating security policy to end users is critical to obtain their co-operation in security initiatives and therefore should not be given short shrift,” says Meta Group security analyst Tom Scholtz.