Ryze - Business Networking Get a Coderbuddy developer now
www.coderbuddy.com

"I Highly Recommend Them" - Magnitude.io CEO; US timezone; affordable rates; Silicon Valley leadership
Get your software built!
Buy Ethereum and Bitcoin
Get started with Cryptocurrency investing
Home Invite Friends Networks Friends classifieds
Home

Apply for Membership

About Ryze


Privacy & Data Security

Top [This Network is not currently active and cannot accept new posts]
<- Previous Next ->

498 hits
Apr 29, 2003 11:48 pm Security Awareness & Training
. .

Folks,

NIST has posted the second draft of a security awareness and training
guide (74 pages). It's quite comprehensive.

http://csrc.nist.gov/publications/drafts/SP800-50-version2Draft.pdf

In my opinion, security awareness program begins with:

* Senior management (letter of support, repeated annually)
* Clear policies and procedures (signed by employees)
* Security included in job descriptions and performance reviews
* Awareness handbooks
* Awareness briefing for new employees
* Educate users with INFOSEC tidbits, luncheons, security web site, posters, etc.
* Formal security training for system administrators (budgeted annually)
* Basic security training and tests for the user community (depends on culture)
* Security representatives at each site (large organizations should consider each section too)
* Information security day
* Audits: office space reviews, attempts to gain access, annual self assessment surveys, etc.

The key is to make security a part of everyone's day without being obnoxious or repetitive. An awareness program requires creativity and constant care and feeding.

Tips should advise of best practices and reinforce policy. An awareness program cannot be conducted in a vacuum. Consider the current security culture and choose your battles. It takes time to make a change.

Lead by example. If you believe in security and explain why, it is much easier to bring others around to your way of thinking. Finally, ensure that security does not negatively impact productivity.

Well, that's a start at least...

Private Reply to . . (new win)





Ryze Admin - Support   |   About Ryze



Ryze Android preview app

Testing Gets Real: blog on A/B testing, building businesses with feedback loops, by Adrian Scott

© Ryze Limited. Ryze is a trademark of Ryze Limited.  Terms of Service, including the Privacy Policy