Ask the Expert

Managing infosec personnel

What should managment do to be sure that the IT security group is doing their job? What should IT security do to reassure management that they are doing their job?


    Requires Free Membership to View

A measure of the effectiveness of a program for users and management includes:

* Reduced internal and external audit findings or auditing findings with minimal negative impact.

* Enhanced day-to-day security practices from the user community (work area walk-throughs indicate voluntary compliance with guidelines such as passwords not taped to terminals, sensitive information not left on desktop, use of screen saver passwords, etc.).

* A reduction in the number of help desk calls and security incidents.

* Users voluntarily reporting security incidents.

* Voluntary participation in security programs.

* Positive feedback after security training (including classroom and CBT?s). High "retention-to-presentation" ratio of material by participants.

* Provide a forum for informational exchanges between user community, management and security function.

* Reduced company liability for negligence and breach of fiduciary responsibility.

* Brand recognition of security function. (Users being able to discern between physical/corporate security and logical security mission.)


This was first published in July 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: