Seven Practical Ideas for Security Awareness
Audry Agle suggests steps for creating the culture necessary to protect your organization
By Audry Agle
5. Bring it to their computer screen: If you have a company newsletter, be certain to include a security article in each edition and provide information on the latest incidents that have occurred, particularly in your industry. Supplement your newsletter with a monthly email to all staff with a short message about a timely and relevant topic—PDA safety, emergency preparedness, or a reminder of who to call for suspicious incidents. Provide a Security page on your employee intranet that lists the security policies, important contact information, links, etc.
6. Require training: Training programs will be more effective if you include interactive exercises, contests, games, or giveaways. Try to keep it short, and test comprehension.
7. Walk the walk: Perhaps the most impactful technique is for senior leadership members to display their own penchant for security. If it looks to be important at the top, you can bet it'll be important at the bottom. Advertise internally when someone does something that thwarts a potential attack, or comes up with a control that bolsters the security of your organization in a cost-effective manner. Use incident exercises at all levels, including executive leadership.
Remember that your employees can make or break your security program—keep them engaged in the process by soliciting feedback and suggestions. Provide a phone message line and email box—anonymous if necessary. Make it easy to use, non-threatening, and welcome stupid questions.
A security-aware culture is possible in any organization as long as it is the standard by which everyone operates, and concepts are consistently reinforced.
Audry Agle, CISSP, CBCP, MBA, is an independent consultant in the San Diego area assisting businesses in the development and maintenance of risk management programs.



