Security teams should stop treating users as the weakest link in security and, instead, turn them into allies in building a strong security culture. This was the message from Shelly Epps, HCISPP, Director of Security Program Management at Duke Health, who delivered a presentation this week at the (ISC)² SECURE North America virtual event. “If you are relying upon users for your security, you’ve effectively already failed,” she said. Instead, organizations need to develop comprehensive, multidimensional programs that keep users engaged. Traditionally, Epps said, organizations have built security programs around compliance obligations and PowerPoint-based lists. Programs tended to be punitive,…
This article has been indexed from (ISC)² Blog
Read the original article: