Successful Security Means “Employee Involvement”

Presentation transcript:

Successful Security Means “Employee Involvement”

Key Ingredients
Understanding
Training
Small & Memorable
Everybody Signs
There Are Consequences
Continually Request Input
“Neighborhood Watch” Mentality

Key Ingredient Notes
Understanding: Everyone with access needs to understand why security is important and what their role is.
Training: All employees, and especially new employees, must understand corporate security policy and sign a copy indicating they understand and will comply.
Small & Memorable: Security policy documents should be broken down into small, memorable pieces (none longer than one page). This includes all forms of access and controls (passwords, tokens, keycards, acceptable usage).
Everybody Signs: All employees must be required to sign off on the security policy. Buy-in comes from signing your name.
Consequences: The teeth of any security policy are the “consequences” of not complying. They must be clear and straightforward: if you do x, y will happen.
Continually Request Input: Communication, communication, communication. What seems logical at the beginning may have undesirable results in practice. Practical process must be evolutionary.
Neighborhood Watch: Everyone must be looking out for people or things that are out of the ordinary or just don’t belong.