Security awareness programs must seek more than mere awareness

Conclusion: Security awareness programs are an attempt to change staff behaviour for the protection of an organisation’s information assets, and also an attempt to change corporate culture to support and encourage desirable behaviours. However, security awareness programs also run the risk of overwhelming staff with too much fear, uncertainly, and doubt. A disempowering message is more likely to result in either no behavioural change or, potentially, an undesirable change. Instead, security awareness programs should focus on helping staff develop and sustain the skills and knowledge required to execute on their work, and also maintain a mind state of “relaxed alert”, or “Code Yellow” in Cooper’s Colour Codes.

Existing Client Login



This Advisory paper is only available to IBRS Advisory clients. To find out more about becoming an IBRS Advisory client complete the attached form and we will be in touch.
Name(*)
Please let us know your name.

Email(*)
Please let us know your email address.

Number(*)
Please enter a valid phone number

Invalid Input