Home > Security Tips > Compliance Counselor > Security awareness training
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE COUNSELOR

Security awareness training


InformIT
11.20.2001
Rating: -3.38- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


 

Security awareness training

You're really only as secure as your users make you. If they don't understand the security measures you have put in place and don't adhere to them, your security will suffer. Training is really the only way to ensure that users are part of the security solution, rather than the problem.

This excerpt from InformIT discusses some of the steps to take to make sure your users are well trained and prepared to defend your network.

Users are typically not aware of security ramifications caused by certain actions. People who use computer networks as a tool to get their job done want to perform their job functions as efficiently as possible -- and security measures often are more of a nuisance than a help. It is imperative for every corporation to provide employees with adequate training to educate them about the many problems and ramifications of security-related issues.

The security training should be provided to all personnel who design, implement or maintain network systems. This training should include information regarding the types of security and internal control techniques that should be incorporated into the network system development, operations and maintenance aspects.

Individuals assigned responsibilities for network security should be provided with in-depth training regarding the following issues:

  • Security techniques
  • Methodologies for evaluating threats and vulnerabilities
  • Selection criteria and implementation of controls
  • The importance of what is at risk if security is not maintained

For large corporate networks, it is good practice to have a LAN administrator for each LAN that connects to the corporate backbone. These LAN administrators can be the focal point for disseminating information regarding activities affecting the LAN.

Rules to abide by typically should exist before connecting a LAN to the corporate backbone. Some of these rules are as follows:

  • Provide documentation on network infrastructure layout
  • Provide controlled software downloads
  • Provide adequate user training

Training is also necessary for personnel in charge of giving out passwords. This personnel should ensure that proper credentials are shown before reinstating a "forgotten" password. There have been many publicized incidents in which people received new passwords simply by acting aggravated enough but without presenting adequate credentials. Giving out passwords in this fashion can have serious-enough ramifications that the person who bypasses known regulations should be terminated.

Read more of this article at InformIT. Registration is required, but it is free.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Compliance Counselor,   Security Management,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Compliance Counselor
Benefits of ISO 27001 and ISO 27002 certification for your enterprise
Identity lifecycle management for security and compliance
Interpreting 'risk' in the Massachusetts data protection law
FTC Red Flags Rules: How to create an identity theft prevention plan
Creating a HIPAA employee training program
Data protection tips for corporate compliance leaders
PCI DSS compliance requirements: Ensuring data integrity
Understanding PCI DSS compliance requirements for log management
Are 'strong authentication' methods strong enough for compliance?
Strategies for using technology to enable automated compliance

Security Management
Smart shopper's guide to correlation tools
What's your infosec IQ?
Countdown begins for Mydoom DDoS attacks
Hackers scanning for ports opened by Mydoom
National cybersecurity alert system launched
Dangerous, familiar application vulnerabilities top list
Potent Mydoom worm flooding inboxes
SSL VPNs stealing IPSec's thunder
Security insurance may be a smart policy for some
China official makes information security a priority

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts