I’m generally reluctant to criticize colleagues, but occasionally they come up enough drivel to spur me into action. I was disappointed, to say the least, to read that Stuart King, a kindred spirit and fellow blogger, has taken to rubbishing the value of security awareness projects. Pay no attention to his ramblings. He’s got it completely wrong.
Stuart’s own initiatives might have failed to hit the spot, but there are still massive benefits to be gained from well designed security awareness initiatives. I’ve seen huge drops in security incident levels through smart educational projects.
The problem is that this is not a subject that amateurs can easily tackle. Many security awareness projects are poorly conceived and consequently ineffective. So don’t judge them all equally. The solution is to get it right, not to broadcast failings. Just because you can’t do it doesn’t mean that others can’t.