- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Developing a Security-Awareness Culture - Improving Security Decision Making
- Abstract
- CIOs, managers and staff are faced with ever increasing levels of complexity in managing the security of their organizations and in preventing attacks that are increasingly sophisticated. As individuals we are subjected to enormous amounts of information across broad ranges of subjects, including security policies; new technologies, patches and threats; and, new sources of information. As the environment continues to become more dynamic the process of making good security decisions is becoming more and more challenging. The answer lies in creating security-aware cultures in our organizations. This paper proposes that creating security aware cultures is dependent on improving how individuals make security decisions. Awareness of our decision-making processes as security practitioners can help us make better decisions in these uncertain conditions and help promote security-aware cultures in our organizations. Key to doing this is in understanding the process of how we really make decisions and what factors in the process may impair our abilities to make good security decisions for our organizations. This paper examines important facets of individual and group decision-making and provides prescriptive guidance on how we may improve the quality of our decision-making processes, leading to better security decisions.