Challenges Faced by Organizations



Security awareness programs are wonderful: managers wonder why users fail password audits, awareness trainers wonder why they have to constantly remind people not to reuse their passwords for different accounts, and users wonder why they have to sit through yet another presentation telling them to craft unique passwords for each account. The information in a typical security awareness program is often well-known, yet organizations still have to deal with the very real risks that result from people not following or understanding the awareness material.



Copyright information

© Jordan Schroeder 2017

Authors and Affiliations

  1. Edinburgh, UK
