For any company, especially technology-oriented ones, being aware of the cyberthreat landscape is critical. There is often the mindset that most cyberattacks can be warded off by procuring and implementing the latest security technologies. While to a certain degree this may be true, it also takes a high level of security awareness on the part of both employees and management in order to 100% fortify the lines of defense around the business or corporation.
In this article, we will examine the major components that need to be included in any security checklist.
One of the key aspects of any security awareness checklist is to address the components of the “CIA” triad. CIA is an acronym that stands for Confidentiality, Integrity and Availability.
Confidentiality refers to the protection and safeguarding of both information and data from unauthorized access and usage. For example, for a healthcare-related technology company, this would mean that all patient records are highly restricted and available only to those personnel who absolutely require them. In this regard, security awareness means training your employees in the best practices of how to protect the resources they are using in their daily job tasks.
An area that needs to be addressed is the issue of “piggybacking.” This is when a temporary employee or contractor closely follows the movements of a regular employee in an attempt to garner their login credentials. It should be stipulated in the security awareness checklist that such actions should be immediately reported to the IT staff and that employee’s manager.
Integrity refers to the fact that any information and data transmitted remains in an unaltered state from the point of origin to the point of destination.
A perfect example of this is when an employee remotely logs into the corporate server from their company-issued laptop
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/7RNwArUvOhw/