Increasingly, organisations are becoming more and more aware of the crucial role humans play in cyber security. When securing an organisation, humans make up a large part of the risk management actions to be put into place. With this in mind, it is clear that through effective teaching and communication of cyber security practice, people will better be able to protect themselves and their organisations. Therefore, organisations hire individuals to manage the human side of cyber security, to increase knowledge and understanding and therefore reduce cyber security risk.
Security Awareness Officer
A main role working on the human side of cyber security is the security awareness officer role. This role seeks to positively impact cyber security behaviours and create a progressive cyber security culture within an organisation. To do this, the security awareness officer will design, manage and carry out cyber security awareness training and programmes. Programmes must comply with industry and legal regulations, and the awareness officer must ensure that everyone is able to follow and observe them. Understanding the organisation and where the human risks lie is vital in ensuring programmes and training can be effective in reducing the risks posed to the company.
Great communication skills are required for the role of security awareness officer, necessary to establish understanding across-the-board of cyber security practice and expectations. The ability to plan and manage large-scale programmes is also needed, involving maintenance and adaptations to training where required. Also, being motivated to create change is very beneficial to this role in order to promote a strong cyber security culture. It is only through new and inventive approaches to training that employees will engage effectively with programmes and changes will be made. Finally, an understanding of the basic concepts of cyber security and information risks will be required to ensure that programmes and training can be the most effective.