Employee information security awareness training for new IAM systems

BROWSE BY TAG Identity Management and Access Control,   Security Awareness Training and Internal Threats,   Information Security Management,   Information Security Policies, Procedures and Guidelines,   VIEW ALL TAGS

RELATED CONTENT Identity Management and Access Control How to find and remove keyloggers and prevent spyware installation How to encrypt passwords using network security certificates Prevent meet-in-the-middle attacks with TDES encryption How to use single sign-on (SSO) for a server configuration Choosing management for Active Directory user provisioning LDAP signing requirements for various directory configurations User account best practices for an investment management website How to determine password strength for a website The pros and cons of implementing smart cards Keep files from being deleted by assigning read and execute permission Security Awareness Training and Internal Threats CISOs take measured steps to reduce social media risks Information security book excerpts and reviews Schneier-Ranum face-off, part 2: Social networking Health Net breach failure of security policy, technology Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Secure your remote users in 2010 Layoffs prompt insider threat fears, cybersecurity survey finds How to use Internet security threat reports Creating a HIPAA employee training program Information Security Policies, Procedures and Guidelines Balancing security, business case for consumer products in enterprise Schneier-Ranum face-off part 6: Audience questions Editor's Desk: Apathy and the Cybersecurity Coordinator Writing security policies using a taxonomy-based approach How to detect and respond to money laundering Health Net breach failure of security policy, technology How to protect distributed information flows Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary dumpster diving  (SearchSecurity.com) Honeynet Project  (SearchSecurity.com) insider threat  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) pretexting  (SearchCIO.com) shoulder surfing  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) social engineering  (SearchSecurity.com) Total Information Awareness  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

EXPERT RESPONSE FROM: David Griffeth, past SearchSecurity.com expert Pose a Question Other Security Categories Meet all Security Experts Become an Expert for this site

ANSWERED January 2009:
As with any new security initiative, it's important that the user community understand not only how to use the new systems and technologies, but also why they've been implemented. Often, the most cost-effective way to do this is by using a third party specializing in training, specifically information security training, if possible. A good training company will offer several training options, including Web-based and in person. The company should also be able to customize the modules for different user populations and departments in your enterprise, track participation, and be globally positioned if needed.A couple of the possible options available include SafeLight Security Advisors Inc. or Vigilar Inc.

Because implementing a Web access control product like SiteMinder often means fewer privileges, not more, you should also make sure that the helpdesk is aware of this change and there are clearly documented processes for users requesting access to intranet sites. You may be able to create dynamic roles based on LDAP attributes, but you should be prepared for the eventuality of users losing access to an online resource needed for their work. If he or she is aware and well-trained on how the system works, the resource owner should be able to work with the SiteMinder administrators to implement the proper controls in a timely manner.

For more information:

• Learn more about how to get information security buy-in from the executive team.
• Should social engineering tests be included in penetration testing? Read more.