Embedding Awareness Into the Culture presented at CISOatlanta 2016

by John B. Dickson,

Summary : For most organizations, the majority of risk profile factors are due to a lack of user knowledge. For John Dickson at Republic National Distributing Company, it came down to an education issue and approaching end-user risk from the standpoint that employees are not intentionally malicious. After deploying company wide training, security education has become integrated into corporate culture. It’s now an integral part of new hire training and is ongoing with employees on a yearly basis. The result: a 40 percent decrease in viral infections, and a symbiotic, direct feedback relationship with employees and the security team.