Friday, November 23, 2012


Are Information Security Posters another Enterprise Worst Practice?

If you walk the corridor of many large enterprises and peer into the cubicles, you will see an increasing practice of information security posters being hung. A corporate investment in eye-pleasing glossies surely means business.

Reality states otherwise! Why does the glossy not mention the various breaches and information leaks that have happened over the past year? Root cause analysis of the majority of the fatalities ends up at the ubiquitous "operator error" dead end. Not one single solitary information security systems audit has addressed the root causes or system gaps that have resulted in the fatalities. But there are plenty of posters on Security and Privacy all over the place.

Posters and more posters to implement "communicate, over-communicate till the message hits home and results in action". All this is at best wishful thinking. When there are many posters, they become part of the furniture and people ignore them. Wouldn't it be fascinating if employees were randomly interviewed in the hallway as to why they hang these posters? I bet many people wouldn't be able to explain security beyond a snide remark that some executive felt it was important.

Every bit of communication needs to be well thought out, and certainly not be a space filler or part of some mindless mass campaign with no clear objective. If we are to be successful in evangelizing the importance of information security, it is vital that we assess what each and every poster and visual communication seeks to achieve. To be taken seriously, you need to take yourself seriously. In the same way, for visual communication to be taken seriously, it needs to stand out and be connected with other things that are happening at that workplace, and not be part of the clutter.

