Two weeks ago, our Managing Director, Kevin Hyde, and I attended the Federal Information Systems Security Educators’ Association (FISSEA) annual conference at the NIST campus in Gaithersburg, MD. The theme for this year’s conference was “The Quest for the Un-hackable Human: The Power of Cybersecurity Awareness and Training“. Here are some of my thoughts from the event:

• Civilian government agencies are creating cyber hygiene* training programs for its employees.
  One of the key principles we emphasize during our information risk assessments is that people are an integral component of defense against attackers. It’s reassuring to see that the government recognizes this concept as well. Implementing a comprehensive cyber hygiene training program is critical in preventing security incidents (like what happened to OPM last June).

• People are the common denominator in most cyber intrusions because we haven’t empowered them enough.
  Within the information security community, there’s a saying that’s often invoked: “People are the weakest link.” This doesn’t have to be the case. Ensuring employees have the awareness of information security threats and knowledge of proper cyber hygiene (and company policies!) will keep organizations out of the headlines.

Train your people, keep them informed of new information security threats, and remain vigilant. And stay tuned for Kevin’s take on the FISSEA Conference, soon to be posted.

*If you haven’t heard the term “cyber hygiene” before, check out our blog post about it here.

BACK TO BLOGS