One aspect of IT Security that always seems lacking is in the treatment of Security Awareness, both within organizations and with individual citizens. The book that led me to create this blog, What No One Ever Tells You About Blogging and Podcasting : Real-Life Advice from 101 People Who Successfully Leverage the Power of the Blogosphere by Ted Demopoulos, had a lot of great ideas that can apply to creating a blog on IT Security. One valuable use of blogs can be to enhance Security Awareness within an organization.

It’s a constant struggle for Security Management people to keep people thinking about why and how they need to protect their valuable assets. A blog with an email feed can allow managers to provide frequent updates on the latest threats, security briefing sessions and new policies. Many organizations, as pointed out in Ted’s book, have started to use blogs internally for internal corporate communications. At the very least, security articles should be added to the internal corporate newsletters.

My feeling (unsupported by any methodically administered survey) is that a Security Manager who can get Corporate Marketing to add a weekly security blurb into the internal newsletter will be recognized 4 out of 5 times in the hall by the top executives - especially if you put your picture beside the headlines!

If you need ideas on Security Awareness topics, please let me know.