Tweeks ago, at this successful! symposium, I noted the developments in the Awareness side of our IRM business. Multiple speakers were onto the subject without hesitating to move beyond the mere annual poster campaign for awareness, and moving into the daily-normal subconscious behavioral change work that was for a long time so much lacking. From ISO 2700x as well.

Which of course is a very, very good thing. Before the 80% of hard work in IRM as such (after discounting the first 80% in hardcore information security), the 80-100% of effort should go into this socio-/psycho-/behavioral fluffy stuff that yields so many benefits and returns. Though we ‘still’ may not be good at it, at least there is development, and leading examples. Thanks, speakers, for that; and for now:
[Your guess. No, not Paris, Reims; not even Strasbourg and that’s a hint]


About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Sociological, psychological notes and tagged , , , , , . Bookmark the permalink.

Your comments are welcomed!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s