By Dominic Vogel at TechRepublic.com…
Over the past several months, since notable security professional Dave Aitel proclaimed that security awareness was a complete waste of time, much has been written both for and against his arguments. I am not going to bother to add to the litany of articles. Regardless of your opinion about security awareness as a risk mitigating control, all information security professionals should be capable of at least describing, at a high-level, the concept of security awareness. Picture this scenario: you are tasked with talking about security awareness with your business colleagues. One stipulation – you have only five minutes to deliver your message. So other than constructing a machine to slow down time, how would you attempt to effectively describe security awareness in 300 seconds? My approach: take out all the techno-babble and appeal to people’s common sense.
via Five-minute security: The elevator pitch | TechRepublic.