InfosecNA18: Building a Security Awareness Program

At the second annual Infosecurity North America conference at the Jacob Javits Convention Center in New York, Tom Brennan, US chairman, CREST International, moderated a panel called Securing the Workforce: Building, Maintaining and Measuring an Effective Security Awareness Program to Drive a Company-Wide Responsibility for Security. For some, security awareness is largely about compliance, but creating an effective program in which all members of the organization understand their role in protecting the organization is about more than checking a box. Commenting on whether security awareness is a matter of compliance or an investment in personnel, Chris Budd, VP, information security specialist CISO Americas, Deutsche Bank, said that it’s actually both. “More and more, regulators want to see that we are in compliance with regulations, and they want to see that this is happening in-house,” Budd said.