IT Security Awareness Programs

By Peter Lindley

It’s an accepted fundamental of IT Security: the weakest point is almost always the user. Most surveys and annual security reports show that incidents caused by users represent by far the highest percentage of those reported or detected. By the same token, the best “bang for your buck” in security incident prevention is invariably the security awareness program. But what exactly is a security awareness program? What should it include?

I was once appointed to a recently formed organization as its IT Security Manager. I was tasked with implementing and managing an Information Security Management System (ISMS) for the new body. A team of consultants had developed a number of IT security policies and security operating procedures (SyOps) as part of the ISMS prior to my appointment. These included a main overarching System Security Policy with various detailed policies specific to particular areas (for example, an incident reporting policy) supported by a number of S…
