When I was asked to keynote a CSO event four years ago, I was pleasantly surprised to find that security culture was the top concern of the CSOs in attendance. Having performed many security assessments and penetration tests, I can tell you it is sadly obvious that even the best technical security efforts will fail if the company has a weak security culture. At the time, I was heartened to see that CSOs were moving past straight technological solutions and towards instilling a strong security culture as well.
In the intervening years, the perceived importance of security awareness programs has seemed to grow exponentially. And the resources allocated to them have increased as well.
Read more here:: IT news – Security