Managing infosec personnel

What should management do to be sure that the IT security group is doing their job? What should IT security do to reassure management that they are doing their job?

A measure of the effectiveness of a program for users and management includes:

* Reduced internal and external audit findings or auditing findings with minimal negative impact.

* Enhanced day-to-day security practices from the user community (work area walk-throughs indicate voluntary compliance with guidelines such as passwords not taped to terminals, sensitive information not left on desktop, use of screen saver passwords, etc.).

* A reduction in the number of help desk calls and security incidents.

* Users voluntarily reporting security incidents.

* Voluntary participation in security programs.

* Positive feedback after security training (including classroom and CBTs). High "retention-to-presentation" ratio of material by participants.

* A forum for informational exchanges between the user community, management and the security function.

* Reduced company liability for negligence and breach of fiduciary responsibility.

* Brand recognition of security function. (Users being able to discern between physical/corporate security and logical security mission.)

This was last published in July 2001
