provided by Kevin Pietersma, Information Security Architect, University of Toronto

- Security is a business requirement, which can have a technical expression.
- IT Security is the immune system in the body of IT.
- Information security is the immune system in the body of business.

provided by Nandita Divakaran, Creative Writer, Muscat

- Protecting PII is everyone's job
- PII is not everyone's business.
- To show our respect, we protect personal information that we collect.
- Don't share protected personal information with strangers.
- Good security increases shareholder value.
- Before sharing PII, know who, what, and why.
- Report data spills before molehills become mountains or small leaks become fountains.
- Report actual or suspected spills of PII.

(* PII stands for Personally Identifiable Information)

- Before you give PII* to anyone, make sure that access is allowed.
- Don't leave data or portable computing devices alone and in view.
- Use anti-malware programs to prevent virus infections.
- If left laying around, they'll create a stinky mess.
- You wouldn't share your ATM pin, so why would you share your password?
- Don't let your trash become someone else's treasure.
- See something wrong? Do something right.
- Amateurs hack systems, professionals hack people.
- Phishing: If you suspect deceit, hit delete!
- Give your computer a rest when you're not at your desk.
- Leave a clear desk while you're away and at the end of each day.
- If something sounds too good to be true… there's probably a scammer behind it.
- Before leaving the scene, clear your desk and your screen.

What would you word differently, what do you think is missing or should be changed? Post your feedback in the comments area.

Security Slogans

Security Awareness Slogans, Mottos, Tag lines, Catch Phrases, Maxims.

Perhaps instead of calling it "Security Awareness Officer" we should say "Security Communications Officer".
In addition have at a minimum a basic understanding of the different concepts of information security.

After writing this description, I noticed how often the word 'communication' is in the description, far more than the word 'security' is.

- Understanding of the concepts of information risks and the different elements that make up risk.
- Ability to communicate with and coordinate the activities of others.
- Display practical knowledge of different message distribution techniques to ensure end user communities understand and continually apply the required behavioral change necessary to reduce the 'human factors' risk.
- Project management experience, the ability to plan, manage and maintain a complex, organization-wide program over the longer term.
- This can include different cultures, nationalities, international locations and languages.
- Ability to form complex 'communications / messages' in a simple, clear and concise manner to the various communities within our organization.
- Create a metrics framework that can effectively measure these requirements.
- Structure and maintain this program to be long term, so ultimately we are not changing just behaviors but culture.
- Ultimately we want our employees to demonstrate the same secure behaviors regardless of where they are or the devices they are using.
- Create a positive program that engages employees, to include focusing on changing behaviors both at home and at work.
- Develop and maintain a security awareness program that effectively changes these behaviors so our employees act in a secure manner, reducing the most risk to our organization.
- Identify the top human risks to our organization and the behaviors we need to change to mitigate those risks.
- Ensure that our security awareness program communicates our security policies and requirements so that people know, understand and can follow them.
- Ensure that our security awareness program meets all industry regulations, standards, and compliance requirements.

Our Security Awareness Program Requirements

Ultimately this person's job is to reduce risk to our organization by ensuring all employees, staff and contractors know, understand and follow our security requirements and behave in a secure manner.

This individual is overall responsible for our security awareness and education program.

Below is an attempt to describe what the job description of a security awareness officer could look like.

To achieve that, you need the right person in charge.

The days of just compliance-focused training are gone; we need to also effectively change behavior.

Organizations around the world are beginning to address the human when securing their organization.