Risks to confidentiality, integrity, and availability of organizational information assets are constant, yet evolve on a daily basis. Individuals need to be informed and prepared for information security threats directed towards them, their computers, and ultimately their way of life. These threats take on many forms, but they all fit in certain established and identifiable categories. An individual’s ability to distinguish between benign incidents and an actual information security threat or risk rests on the breadth and depth of security awareness training they have received.
Proposing that an Information Security Awareness Program be developed for the employees of your organization is a wise move for IT executives to make. Such a program educates employees on the information security risks they face while utilizing organizational information assets and, by extension, their personal information. The awareness program can be developed in conjunction with the implementation of an overall IT Governance methodology such as COBIT, or as a standalone program, depending on the IT maturity level of your organization.
Firewalls, intrusion detection, and intrusion prevention systems, although a requirement for today’s network, cannot completely defend an organization from current security threats. Organizations need to ensure that their employees, vendors, partners, and subcontractors will not leave the organization vulnerable to various risks such as operational disruptions, loss of valuable informational assets, public embarrassment, or legal liability due to a lack of information security awareness.
There is not only a clear need from a practical standpoint to ensure individuals receive adequate and properly funded training in the protection of organizational and personal information assets, but depending on your organization’s industry there may also be regulatory requirements such as HIPAA and SOX to do so. The development and implementation of an information security awareness program should encompass a mandatory annual refresher component to ensure the promotion of a security aware culture among employees.
Information security has become a key concern among information technology professionals and that concern, when shared by management, will benefit organizations as a whole. Top-down management support is crucial for the survival of the program and its goal of creating a culture of information security awareness within the organization. The program would also be a valuable component of showing that executive management is performing due diligence in securing organizational information assets.
Written by Claudio LoCicero, M.S.

Over his career he has held several technical and management positions both in the United States and overseas within the private and government sectors. Claudio LoCicero holds a Master of Science in Information Technology with an Information Security Specialization. He also holds numerous professional certifications such as the PMP, CISM, CISSP, ITILF, along with several certifications from Cisco, Microsoft, and the NSA.