National Computer Security Day
Posted by jericho
November 30th was National Computer Security Day. It came and went .. did you notice? I previously blogged about National Cyber Security Awareness Month, calling into question the value of awareness months of any kind. Awareness days are no different. As William Knowles said, ”might have been national kick a penguin day, I wouldn’t have known any differnce..”
In my opinion, views on this subject will vary depending on what you do for a living. If you are in some type of corporate world, or have a large amount of users to support, then “Awareness Days” do have their purpose and provide some value.
When it comes down to it, awareness is a necessary evil. In fact, many security professionals base their whole security program/careers on having an effective security awareness program. By having a day to “celebrate,” it does help some people as they can use it and do not have to create an awareness program from scratch. I have used it in the past, and even this year as an excuse to get a security awareness message out there. I personally think a “Security Month” is a bit ridiculous, but I do support National Computer Security Day.
Perhaps, the real question here is do you think Security Awareness is worth anything?
I was recently at Dulles Airport and was waiting in a massive line to go through a security check. Every minute there was an announcement that stated not to leave your luggage unattended. In most airports, you hear it occasionally–but at Dulles it seemed to be non-stop. Believe it or not, there were still many people leaving their luggage unattended!
The bottom line: people are key to the success of an information security program. Some type of an awareness program needs to be in place to help users understand the issues and what is expected from them. However, your users are going to leave their luggage unattended no matter how many times you tell them not to— but with a little awareness they’ll do it less often.