hpr4615 :: Clicking through an audit

Lee complies with a company audit by clicking 'next' a lot

Hosted by Lee on Friday, 2026-04-10 is flagged as Explicit and is released under a CC-BY-SA license.
Tags: information security, audit.


Duration: 00:57:58

general.

ISO 27001

from Wikipedia.org:

ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the standard's requirements can choose to have it certified by an accredited certification body following successful completion of an audit.


Information security audit

from Wikipedia.org:

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes.


Factors contributing to cybersecurity fatigue

Source: Adapted from Factors contributing to cybersecurity fatigue by L. J. J. S. (2024), Abertay University.

Available at: https://rke.abertay.ac.uk/en/publications/factors-contributing-to-cybersecurity-fatigue/

In cloud-based environments, the push for high-security standards often leads to "cybersecurity fatigue," which creates unintended psychological strain on employees.

  • Constant interruptions from repetitive access requests.
  • Overload of security checks and decision fatigue.
  • Lack of clear understanding regarding actual cybersecurity risks.

Impact on Behavior

  • Fatigue frequently leads to negative outcomes, including the bypassing of security protocols, abandonment of necessary tasks, and total disengagement from mandatory training.

Key Concept

  • The study highlights "attitudinal fatigue" (an employee's negative mindset toward security) as a major barrier to organizational resilience and compliance.

Strategic Recommendations

  • Transition to "contextualized training" that uses relatable, real-world scenarios.
  • Streamline security workflows to minimize disruption to daily productivity.
  • Develop targeted interventions.


National Institute of Standards and Technology

2011 Report: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations




