We are in the process of establishing an Information Security Forum in our Information Technology Division of our organization. This forum will consist of representatives from each department of the Information Technology Division.
Can you please provide some suggestions as to what typical agenda items such a forum should cover in their meetings?
I feel end-user education is a key security issue. One recurring agenda item could be a quick tutorial in some aspect of security. I have found that once end users really understand what security is trying to do, they are much more open to changes. Security is often this secretive aspect of the company that performs audits and enforces rules. Most employees are scared by that. I would also use this forum to get feedback from end users regarding current practices. Overall open communication is best. Use this forum to get input on security policies, new technologies the company is considering, set up beta groups, etc.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Employee Security Education
Executive Security Briefing: Security training: A call to arms
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.