Two Minutes with … Larry Ponemon

At a recent SecureWorld Expo in Seattle, MediaPro sat down with Dr. Larry Ponemon to discuss security awareness training. (Ponemon is the Chairman and Founder of the Ponemon Institute, the leading think tank and research organization addressing privacy, data protection, and information security policy.) We wanted to share a few of his thoughts on the importance of providing proper, behavior-changing security awareness training.
“In our work,” Ponemon explains, “we find that a lot of the security awareness training that is done is very superficial. These organizations call it training, but it’s really just a PowerPoint presentation, after which employees sign a document that says they viewed the material. It’s cheap to deliver it that way, and it may check a compliance box, but you have to ask, how much of this is being retained? The answer, of course, is not much. And it certainly does not produce any sort of sustainable behavior change.
“The problem we see over and over again on both data breaches and security exploits generally is the lack of trained individuals and people who understand the issues. And it’s not just the rank and file, but also the people who are responsible for managing security. The fact is, they also need to be part of that training process. Moreover, security personnel, who are often tasked with training, generally lack the credentials to properly train employees. You really need to have people with domain expertise to be driving this.”
Of course, we couldn’t agree more. If you are interested in learning more about the elements of a good security awareness program, we invite you to download the free eBook, 3 Steps to Awareness Success.
