HIMIS: Human Impact Management for Information Security
HIMIS is a methodology whose objective is to reduce information security risks that occur due to human mistakes. To achieve this objective, HIMIS views the human factor as two distinct but interdependent components: "awareness" and "behaviour". Awareness is "to know"; behaviour is "to do or to react". The two are not the same, though they are interdependent. High awareness does not by itself mean that information security risks due to human mistakes are lower. Positive change in behaviour is the key.

To gain confidence that information security risks due to human mistakes have been reduced, the workforce needs greater security awareness and more responsible behaviour while handling information. HIMIS helps you to, first, define the information security awareness and behaviour requirements; second, build a strategy for awareness and behaviour management; third, deliver the program; and fourth, verify whether awareness has increased and whether the behaviour of the workforce has improved while handling information. The HIMIS methodology is built on the belief that the true reward of a good information security awareness program is positive change in behaviour.

HIMIS: Quick overview
HIMIS Quick Tutorial

This short tutorial provides a quick overview of HIMIS in less than 5 minutes.

The HIMIS methodology

Latest version Download here
Previous version Download here

The HIMIS Conformance Levels and Assessment Model

Download here

HIMIS ESPs (Expected Security Practices) with security "awareness" and "behaviour" assessment guidance

Download here

Basic guidelines to perform social engineering tests to measure information security behavior:

These guidelines can be used in conjunction with the ESPs to perform information security awareness audits. Download here

Contributed by Thomas Kurian Ambattu.
