Security Consulting: Service Providers
How to create a positive and effective cybersecurity environment instead of a shameful culture You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game. I once worked in an environment where adding users to Active Directory privileged groups was forbidden except via an official request approved by the individuals' managers. This was carefully monitored, and on one occasion an email went out to a massive group of people stating the policy had been violated and someone who was named directly in the email had updated a group without permission. Several managers admonished the sender for calling out the alleged perpetrator, and one produced the very request that authorized the change, exonerating the individual and causing embarrassment for the accuser, who did apologize. However, that entire email thread should have been a face-to-face, private discussion with the employee and...