Application security awareness module
In the dying days of August, just as we were busily finishing-off September's awareness module on application security, what should pop on to my screen but a new survey from Ponemon Institute on that very topic. With some trepidation, I opened the report to see how its findings compared to our own research ... and was relieved to see that we had picked up on all seven of Ponemon's key issues, plus a few more due to our slightly wider scope.
Does your security awareness and training program cover the information security aspects of application development, acquisition, management and use? Does it even mention mobile apps, BYOD and cloud computing? Go ahead, dust it off and take a look. Does it talk to business and project managers, IT pros and employees in general about relevant security aspects that matter to them, in terms that make sense and resonate? Does it successfully prompt a productive dialogue between executives and practitioners concerning application security risks and controls? Does it highlight topical issues, pull up the latest research and thinking, capture employees’ imagination, and most of all motivate them to behave more securely?