The true value of information security awareness
Posted Date: 11 Mar 2008 Resource Type: Articles/Knowledge Sharing Category: Computer & Technology
Posted By: Olufemi Member Level: Diamond Rating: Points: 5
Information security awareness, a specific form of information security control, helps secure information assets by:
• Informing people about information security risks and controls in a general sense, and providing more specific information and guidance where necessary.
• Emphasizing management’s support for, and commitment to, information security.
• Promulgating the organization’s information security policies, standards, procedures and guidelines, and externally imposed laws, rules and regulations.
• Motivating people to behave in a more security-conscious manner, for example taking security risks into account in business decision making.
• Speeding up the identification and notification of security breaches.
What should be done to raise awareness of information security? A planned and coordinated security awareness program helps secure the organization’s information assets by:
• Bringing a disparate range of security awareness, training and educational measures under management control.
• Providing a management and measurement framework, and a variety of communications techniques and tools.
• Facilitating disciplinary or legal action against those who fail to comply with their information security obligations.
• Improving the consistency of application of information security controls.
• Improving the effectiveness of information security controls, e.g. through the implementation of new cost-effective and acceptable controls, and the retirement or redesign of ineffective controls.
• Satisfying the organization’s legal obligations in respect of security awareness imposed by acts such as HIPAA, GLBA, SOX, FISMA and others.
• Specific activities should be undertaken, such as a security awareness programme, to promote security awareness to all individuals who have access to the information and systems of the enterprise. [The] objective [is] to ensure all relevant individuals understand the key elements of information security and why it is needed, and understand their personal information security responsibilities.
• Specific activities should be performed to promote security awareness (the extent to which staff understand the importance of information security, the level of security required by the organisation and their individual security responsibilities – and act accordingly) across the enterprise. These activities should be:
  - Endorsed by top management
  - The responsibility of a particular individual, organisational unit, working group or committee
  - Supported by a documented set of objectives
  - Delivered as part of an on-going security awareness programme
  - Subject to project management disciplines
  - Kept up-to-date with current practices and requirements
  - Based on the results of a risk assessment
  - Aimed at reducing the frequency and magnitude of incidents
  - Measurable.
• Security awareness should be promoted to top management, business managers/users, IT staff and external personnel by providing information security education/training, such as via computer-based training (CBT) [e.g. NoticeBored Plus!] and by supplying specialised security awareness material, such as brochures, reference cards, posters and intranet-based electronic documents.
• Staff should be provided with guidance to help them understand the meaning of information security (i.e. the protection of the confidentiality, integrity and availability of information), the importance of complying with information security policy and applying associated standards/procedures, and their personal responsibilities for information security.
• The effectiveness of security awareness should be monitored by measuring and periodically reviewing the level of security awareness in staff, and the effectiveness of security awareness activities, for example by monitoring the frequency and magnitude of incidents experienced.
• Security-positive behavior should be encouraged by making attendance at security awareness training compulsory, publicizing security successes and failures throughout the organisation, and linking security to personal performance objectives/appraisals.”
Much can be done to protect valued information if some of the suggestions above are followed.
Olufemi Nigeria