Tweeks ago, at this successful! symposium, I noted the developments in the Awareness side of our IRM business. Multiple speakers were onto the subject without hesitating to move beyond the mere annual poster campaign for awareness, and moving into the daily-normal subconscious behavioral change work that was for a long time so much lacking. From ISO 2700x as well.
Which of course is a very, very good thing. Before the 80% of hard work in IRM as such (after discounting the first 80% in hardcore information security), the 80-100% of effort should go into this socio-/psycho-/behavioral fluffy stuff that yields so many benefits and returns. Though we ‘still’ may not be good at it, at least there is development, and leading examples. Thanks, speakers, for that; and for now:
[Your guess. No, not Paris, Reims; not even Strasbourg and that’s a hint]