Building Blocks of the Human Firewall
A company is a melting pot of skills and competencies. It is important to segment the audience of security awareness so that the message delivered to each part of the audience is tailored to it. Apart from the company's end users as a whole, the basic segments are the executives, because they drive changes, as well as the IT team and the security team.
The Foundation of the Human Firewall Lies in Security
Everyone agrees that only a clear message results in effective communication. However, amazing as it may seem, experience (what is happening in the field, as opposed to what is written in the books) shows that the basic concepts of security are subject to discussion within a single security team.
As an example, although policies, standards, and guidelines have clear directive roles within a security framework, they are often at the center of debate over whether a control should be addressed by a policy, a standard, or a guideline. Such internal misalignment results in a lack of consistency in the voice of security.
IT Teams Are the Front Line of the Human Firewall Architecture
The term "human firewall" often refers to the end user, but the first line of defense is actually the stakeholders of the information technology processes, who are the DMZ of the human firewall architecture.
The stakeholders provide and support the services, yet do not necessarily have the skills, time, and visibility to think about and apply security. This is a primary audience for awareness.