Thursday, 10 May 2012

Proposing An Information Security Awareness Program


Risks to confidentiality, integrity, and availability of organizational information assets are constant, yet evolve on a daily basis. Individuals need to be informed and prepared for information security threats directed towards them, their computers, and ultimately their way of life. These threats take on many forms, but they all fit in certain established and identifiable categories. An individual's ability to distinguish between benign incidents and an actual information security threat or risk rests on the breadth and depth of security awareness training they have received.
Proposing an Information Security Awareness Program for the employees of your organization, one that educates them on the information security risks they face while using organizational information assets and, by extension, their personal information, is a wise move for IT executives to make. The awareness program can be developed in conjunction with the implementation of an overall IT Governance methodology such as COBIT, or as a standalone program, depending on the IT maturity level of your organization.
Firewalls, intrusion detection systems, and intrusion prevention systems, although a requirement for today's networks, cannot completely defend an organization from current security threats. Organizations need to ensure that their employees, vendors, partners, and subcontractors will not leave the organization vulnerable to risks such as operational disruptions, loss of valuable information assets, public embarrassment, or legal liability because of a lack of information security awareness.
There is a clear practical need to ensure that individuals receive adequate and properly funded training in the protection of organizational and personal information assets, and depending on your organization's industry there may also be regulatory requirements, such as HIPAA and SOX, to do so. The development and implementation of an information security awareness program should include a mandatory annual refresher component to ensure the promotion of a security-aware culture among employees.
Information security has become a key concern among information technology professionals, and that concern, when shared by management, benefits the organization as a whole. Top-down management support is crucial for the survival of the program and its goal of creating a culture of information security awareness within the organization. The program is also a valuable way of showing that executive management is performing due diligence in securing organizational information assets.
Written by Claudio LoCicero, M.S.
Over his career he has held several technical and management positions both in the United States and overseas within the private and government sectors.
He holds a Master of Science in Information Technology with an Information Security Specialization from a university designated as a National Security Agency Certified Center of Academic Excellence for Information Assurance. He also holds numerous professional certifications such as the Project Management Professional (PMP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL) Foundation, along with several other professional certifications from Cisco, Microsoft, and the National Security Agency (NSA).
He is an active member of the International Information Systems Security Certification Consortium (ISC2), Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA), and the Project Management Institute (PMI).


Article Source: http://EzineArticles.com/741389
