Security awareness programs are now an essential component of doing – and staying in – business for nearly every company of any size. But starting one company-wide awareness program and then switching to another mid-program is a big mistake that will cost you time, money and morale.
What Is a Security Awareness Program?
A security awareness program is usually defined as a set of materials, courses and policies designed to educate as well as update employees about issues related to keeping networks, information, finances and other assets protected from thieves.
In other words, it’s like placing a digital padlock on all aspects of your business: You’re making sure everyone knows the rules and that only authorized people have access. This is security awareness in a nutshell. Since much of what is being protected is data, it’s sometimes referred to as information security awareness.
Security, and security awareness, work best if there is a clear chain of command. In larger corporations, the CISO and CTO are usually at the top and working in tandem to make secure security protocols are established as well as implemented. They will allocate the budgets and manpower available to make this happen.
With smaller companies, you may just have a senior IT person or an outside security staff. Whatever their title, the person or persons in charge will have to make sure the program is implemented correctly, completed by everyone and its lessons and messages understood. To spread the word, many companies create the role of security champion, who help put a human face on the problem.
Last but not least, the entire workforce within the different departments that must take time out of their day to be educated.
Elements of an Effective Security Awareness Program
That said, not all security awareness programs are equal. (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/-QaBa2Aj6FM/