ABSTRACT

This chapter outlines the role that training holds in regard to security awareness. Training is a powerful means in itself, but is best used in alliance with other techniques. The chapter outlines a number of ideas based on a 'guerrilla' approach to security awareness. Empirical information on information security incidents and behaviours is rare and often unreliable. For many years, computer-based training (CBT) has had a mixed reception from information security professionals. Some high-level research was undertaken in the early 1990s by a group of information security managers who were employed by various London-based investment banks. Certified Information Security Manager (CISM) is a qualification offered via the Information Security and Control Association (ISACA). ISACA is a professional body that represents IT Auditors. It is descended from the Electronic Data Processing Auditors Association (EDPAA), a name that betrays its age and lineage. Certified Information System Security Professional (CISSP) is a qualification for more technical information systems security practitioners.