More Quotes

"The right security awareness training program can help build employee leadership skills, including team-building, decision-making and personal accountability."

Jackie Bassett, CEO at BT Industrials, Inc.,
Author of the book: "A Seat At The Table For CEOs & CSOs:
Driving Profits, Corporate Performance and Business Agility".

"As strategists, we can apply all manor of software/hardware technology to control and safeguard the activity on our information infrastructure. While the most important, and at the same time weakest, link in the security chain are people, there are no (publicly acceptable anyway) hardware modifications available to control human behaviour. Awareness, however, is the wet-ware solution that we can install in the human brain that offers the only chance to strengthen this link."

Tom Giangreco, Director of Information Security, SchoolsFirst Federal Credit Union

"Information security can only be successful if it is seen as an integral part of the day-to-day work responsibilities, and it is therefore necessary that everybody in the organization understands the importance of information security, employees as well as top management.  The long-term success of an information security program can only be effective if there is awareness and support throughout the organization. Security awareness and training controls have been identified as a mandatory part of an information security management system, and sponsorship for information security needs to start at the top."

Angelika Plate, Owner AEXIS Security Consultants,
Secretary of ISO/IEC JTC1 SC 27 "IT Security Techniques",
Editor of ISO/IEC 27001, Co-editor of ISO/IEC 27002 and ISO/IEC 27006.

"Security awareness is an essential part of a company's information security program.  Security awareness provides a company with the voice to convey its policies, standards, and guidelines.  Without that voice, companies are susceptible to social engineering, employee actions that can be detrimental to the company, and no real metric to measure a company's information security programs progress.  The last point accomplished only with an effective security awareness program in place.  An example of this is suppose a company has the unfortunate problem of users keeping their passwords on post-its on their computer screens.  A simple metric would be to count how many users in the organization does this?  After security awareness training, the count goes down.  Without security awareness training, there is not an effective means to accomplish this.   By having a security awareness program in place, companies are more secure but, have the most important part of information security involved, company's people."

Troy Takaki, CISM, CISSP, Security Manager, Hawaiian Airlines