Moving Beyond the Dangerous Denial Phase as Individuals and Organizations

From the ISC blog, an interesting post looking at an apparent security awareness anachronism – more security knowledge seemingly breeding denial about the need to fix things, just when the likelihood of breaches is skyrocketing.



I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie. I guess I still am. I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that’s been diagnosed with breast cancer.[i] The results of the study shocked me. The worse the diagnosis and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening.

Similarly, as the conversation about the complexities, costs, and potential breaches is elevated to senior management, all too frequently, the more senior management learns, the less they want to know. I liken this to the person who frets over potentially getting cancer, while simultaneously avoiding cancer screening because they don’t want to hear bad news. Debates on screening methods aside, most…

