ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Social Learning and Security Awareness

Social Learning and Security Awareness

Kerry A. Anderson, CISA, CISM, CGEIT, CRISC, CCSK, CFE, CISSP, CSSLP, ISSAP, ISSMP
| Published: 6/20/2016 3:06 PM | Permalink | Email this Post | Comments (0)

A workplace is a social place, and much of the learning that occurs there is social learning. Social learning occurs through observation of other individuals’ actions and behaviors. It is not a mere imitation of the behaviors of others in an environment, but a reasoning process in which the individual examines others’ behaviors and makes conscious decisions about whether to adopt or reject this learning. Social learning occurs continually, although we might not be aware that it is taking place.

One motivation for social learning in the workplace is the individual’s desire to fit into the environment. Social learning is relevant to promoting secure behaviors in the workplace. It is not limited to the physical world, but extends to the virtual world by using social media tools. It can be incorporated into existing security awareness efforts to strengthen them. Social learning is beneficial across all generations, but especially to millennials because of their early adoption of social media as a core communication and connectivity mechanism.

The influence of workplace peers affects the adoption of secure behaviors and adherence to policies. If coworkers fail to observe security policies or exhibit insecure behaviors, other employees are likely to follow their example. Coworkers' behaviors will have a stronger influence than words as the result of social learning. Social learning can augment existing security awareness efforts. The inclusion of social learning may overcome the challenges created by electronic distractions in communicating security awareness messages. In fact, social learning using a social media channel can assist security awareness. This can include the use of an entertaining video or the recruitment of employees to blog about security-related issues by sponsoring a contest for the best security blog each month. 

Read Kerry A. Anderson’s recent Journal article:
Security in an Age of Distraction,” ISACA Journal, volume 3, 2016.

Comments

There are no comments yet for this post.
Email