Your employees read and absorb the information security advisory and acceptable use policies as the next Harry Potter? Or you have a suspicion that your work will be read or may not be instantly forgotten ?
AUP achieve disconnection policy and information security can be very problematic for CISO . However,
to ensure that these changes are implemented immediately by an employee
organization any time of the poor and the information overload is a
real headache .
Allow mobile devices as an example . Most of the organizations with which they come in contact with today are fully embrace the mobile revolution . Those
traditionally one mobile platform now supports multiple platforms and
those who have a general prohibition on the shelves are taking advantage
of agility is supported. Symantec 2012 State of Mobility is interesting to read about this growing trend.
We have reached a point where it is used almost as much as the desktop and handheld mobile devices. Research,
such as that provided for Morgan Stanley Mobile Internet Report also
indicates that it will not be long before mobile phones and tablets
become the main way people connect to the Internet. Why the emphasis is always on computers when it comes to information security ?
Most
recognize that almost all security vulnerabilities that may arise can
be produced by a computer using a mobile phone or tablet . Most
have also heard a story or two about personal online activities of an
employee following a disaster for an organization - especially because
of access or store sensitive information on the device without personal
guarantee . However, titles and new surveys always place your organizations approach security in computers and networks. In
addition, there is great concern that many organizations do not yet
have a policy of competent staff in the use of personal devices at work.
That said, the creation of a long list of things to do and mobile security is not the most effective solution. In fact, the backbone of its awareness campaign on safety of employees must not be specific to the hardware at all.
While
there are certainly steps to consider when different devices are used ,
awareness campaigns should focus on information first . Once
the employee understands the need to protect the information , there is
an upper searching weaknesses of different devices natural tendency .
In the information security policy of the mind and AUP are evolving documents. Unfortunately
, organizations have spent considerable time and resources building a
vision of effective employee information security can sometimes stop
this mentality change depending on policy changes . I
use mobile devices as an example because many organizations are
implementing major policy changes to meet the extreme risks they pose.
The point is this : each policy developments must be accompanied by a change in the minds of employees. The two are intrinsically linked . Therefore,
using the same knowledge of the brand campaign to align the specific
category of instructions relating to information security , new messages
should be communicated in a compelling, fun and memorable way to change
slightly what is already learned .
Indeed,
" Crush ," which has previously been communicated in a manner that
confuses or employees or perceived changes in the direction irritates .
Article
10 Security assets to help customers transform their employees into
ambassadors of information security while helping you review your
security policies
