Tip

Security awareness training

 


You're really only as secure as your users make you. If they don't understand the security measures you have put in place and don't adhere to them, your security will suffer. Training is really the only way to ensure that users are part of the security solution, rather than the problem.

This excerpt from InformIT discusses some of the steps to take to make sure your users are well trained and prepared to defend your network.

Users are typically not aware of security ramifications caused by certain actions. People who use computer networks as a tool to get their job done want to perform their job functions as efficiently as possible -- and security measures often are more of a nuisance than a help. It is imperative for every corporation to provide employees with adequate training to educate them about the many problems and ramifications of security-related issues.

The security training should be provided to all personnel who design, implement or maintain network systems. This training should include information regarding the types of security and internal control techniques that should be incorporated into the network system development, operations and maintenance aspects.

Individuals assigned responsibilities for network security should be provided with in-depth training regarding the following issues:

  • Security techniques
  • Methodologies for evaluating threats and vulnerabilities
  • Selection criteria and implementation of controls
  • The importance of what is at risk if security is not maintained

For large corporate networks, it is good practice to have a LAN administrator for each LAN that connects to the corporate backbone. These LAN administrators can be the focal point for disseminating information regarding activities affecting the LAN.

Rules to abide by should typically exist before a LAN is connected to the corporate backbone. Some of these rules are as follows:

  • Provide documentation on network infrastructure layout
  • Provide controlled software downloads
  • Provide adequate user training

Training is also necessary for personnel in charge of giving out passwords. These personnel should ensure that proper credentials are shown before reinstating a "forgotten" password. There have been many publicized incidents in which people received new passwords simply by acting aggravated enough but without presenting adequate credentials. Giving out passwords in this fashion can have serious-enough ramifications that the person who bypasses known regulations should be terminated.


Read more of this article at InformIT. Registration is required, but it is free.


This was first published in November 2001
