Q

Managing infosec personnel

What should management do to be sure that the IT security group is doing their job? What should IT security do to reassure management that they are doing their job?


A measure of the effectiveness of a program for users and management includes:

* Reduced internal and external audit findings or auditing findings with minimal negative impact.

* Enhanced day-to-day security practices from the user community (work area walk-throughs indicate voluntary compliance with guidelines such as passwords not taped to terminals, sensitive information not left on desktop, use of screen saver passwords, etc.).

* A reduction in the number of help desk calls and security incidents.

* Users voluntarily reporting security incidents.

* Voluntary participation in security programs.

* Positive feedback after security training (including classroom and CBTs). High "retention-to-presentation" ratio of material by participants.

* Provide a forum for informational exchanges between user community, management and security function.

* Reduced company liability for negligence and breach of fiduciary responsibility.

* Brand recognition of security function. (Users being able to discern between physical/corporate security and logical security mission.)


This was first published in July 2001
