CyberSecOp.com

View Original

Achieve an Effective Security Awareness Program

For any company, especially technology-oriented ones, being aware about the cyberthreat landscape is critical. There is often the mindset that most cyberattacks can be warded off by procuring and implementing the latest security technologies, and relying on consultants and internal resources to police implementation.

While this passive strategy may yield a certain level of effectiveness, it also takes a high level of active, participatory security awareness on part of both employees and management in order to 100% fortify the lines of defense around the business or corporation.

STEPS TO ACHIEVE AN EFFECTIVE SECURITY AWARENESS PROGRAM

1.     The Major Orienting Components – A comprehensive, participatory information security awareness program should have as its three foundational pillars the principles of confidentiality, integrity, and availability.  While the first two terms speak for themselves, the third is often misapprehended.  Here, it refers to the organization maintaining a comprehensive system of controls over information security such that employees can be assured of having access to all information necessary to perform their roles without risk of breach.

2.     The Protection of Corporate Resources - “Corporate resources” does not just refer to digital assets — it also refers to physical assets, such as paper documents. A security awareness checklist should include the proper usage of document-shredding machines and how the shredded documents should be disposed of.

3.     Protection of Corporate Facilities - Employees should be trained not only in how to look for suspicious behavior from the outside, but from the inside as well.  This will ensure against unauthorized personnel gaining access to the premises for purposes of mounting internal attacks against the information infrastructure.

4.     The Formal Security Awareness Training Program – The corporation should maintain a comprehensive security awareness training program and all employees, irrespective of position with the organization and/or function, should regularly participate.

5.     Determining Levels of Responsibility and Segregation of Duties – All employees involved in the day to day management of security over the corporation’s digital and physical information assets should have their roles clearly defined and responsibilities enumerated and documented in a comprehensive ‘R & R’ policy.

CyberSecOp Security Awareness Courses specializes in helping employees understand the mechanisms of spam, phishing, spear-phishing, malware, and social engineering and are able to apply this knowledge in their day-to-day job. Our Security Awareness training solutions effect meaningful, sustainable changes in any workforce. With CyberSecOp Security Awareness Training, employees are not just aware of the dangers presented by an ever-changing threat landscape: they’re empowered to protect your organization from them.

AUTHOR: RICH FIORE