Ideas from Security Awareness Survey Respondents
Practical steps to establishing employee security awareness
By Lew McCreary
November 01, 2006 — CSO —
• Live events help lessons sink in. Hold monthly brown-bag awareness lunches for departments or remote facilities.
• Stay in people's faces: Publish a monthly newsletter on current security threats and issues. Report security metrics, both good and bad.
• Find ways of expressing the cost-avoidance benefits of improved security. For example, put a dollar amount on fewer incidents and shorter recovery times.
• Have the CEO and other top executives attend security Q&A meetings (and have them take some questions). Make sure important security memos go out under the CEO's name.
• Have direct contact with employees. Manage by walking around!
• When new threats emerge, act quickly to inform the enterprise. Demystify but don't scare.
• Make awareness initiatives vivid so that they are felt on a personal gut level by individual employees.
• Engage in multimedia education: posters, online tutorials, live events, podcasts.
• Focus on high-value awareness initiatives: loss-prevention in retail businesses, counter-
competitive-intelligence strategies in research-rich environments, data privacy in financial institutions.
*–L.M.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Lew McCreary
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
- Is the title 'security evangelist' really that bad?
I've been watching the recent discussion over the idea of security evangelists with interest, but held off on weighing in because I didn't want to come off as a bandwagon chaser. Now that the dust has settled a bit, it's time for me to opine. Let's review first. - Teenage hackers could be our last, best hope
- Busted: When security tools fail
More Salted Hash with Bill Brenner
