The title of this article was the quote on the free mug at the recent ENISA sponsored security awareness event at Thomson Reuters in Canary Wharf, which highlighted their focus in support of an on-going awareness programme:

"It has been widely recognised that policies and controls are needed to ensure the security of information on networks and to manage data that enter and leave an organisation. While policies and technology are certainly a critical part of any information security programme, in reality these measures alone cannot deliver an adequate level of information security. Awareness of the related risks and safeguards available is the first line of defence on the long road towards security. Employees are the real perimeter of an organisation’s network and their behaviour is a vital aspect of the overall security picture."

Over the last few years, events associated with significant data losses in both the private and public sectors have raised concerns about leaks of sensitive information to the point where various mandates have been made by the European Commission in tackling cyber theats. ENISA, the European Network and Information Security Agency, is the EU agency dealing with Network and Information Security within the European Union.

Earlier in March 2009, Mr. Andrea Pirotti, Executive Director of ENISA, confirmed the ability of the Agency to support the Comission’s initiatives:

"ENISA is ready to pick up the gavel and support the European Commission in its efforts to address these crucial matters. The Agency is willing to do everything within its mandate to support all necessary actions of the EU and its Member States to combat these threats and to protect the economy of Europe, which, ultimately may be at stake."

Apart from an aggressive counter strategy from the EU, organisations also need to do more in protecting their operations not just from a technological perspective but also from an employee perspective. As a result, ENISA, the European Network and Information Security Agency has launched a range of training videos and posters that organisations can freely download.

ENISA are hoping that events such as this will dispel the recent criticism that ENISA does not ensure an appropriate level of exchange of information. From the SecurityVibes perspective, the event was organised well and very comprehensive with several international businesses contributing their time in explaining how their own awareness programmes have been working, how they have deployed them and the effect on their respective business cultures.

In addition, ENISA was also aware of impact on corporate budgets that such initiatives would bring and had Ernst and Young present on how security officers could get signoff for an awareness project. In addition, ENISA are also producing their own set of videos and posters that are freely available to all organisations within EU member states to use. If you would like to view or use these videos and posters for your own awareness programmes, click on the appropriate references below.

From the ENISA site: ENISA Security Awareness Videos
From the ENISA site: ENISA Security Aware Posters

Other References
SecurityVibes article: How You Can Influence the European Commission on Cyber Crime Matters
SecurityVibes article: European Commission Cracks Down on UK Government Spying