Welcome to the tenth issue of ISO17799 News, designed to keep you abreast of developments and news with respect to ISO 17799 and information security. The information within the newsletter is totally free to subscribers and provides guidance on various practical issues, as well as commentary on recent Information Security incidents.
Included in this edition are the following topics:
SECURITY AWARENESS: SECTION 4
Most security breaches occur at ground floor level, through employees making errors or inadvertently revealing information. It is ironic, therefore, that so many organizations do not have a comprehensive awareness program in place... perhaps missing the obvious and focusing upon the rather more stimulating high-tech threat instead.
Security should ideally be part and parcel of the organization's culture. Meeting this objective, however, requires support from the top, determination, and a properly planned and comprehensive awareness plan and program.
This program should include a range of different aspects. To assist, we list some of the most common below:
- A Security Newsletter. This is an important vehicle and can include both news and information in a topical context. Please feel free to extract from this newsletter for inclusion.
- Cheap gifts. Pens, key fobs, and coffee mugs bearing a security message may seem tacky, but they work.
- A 'Roadshow'. Security personnel regularly give presentations to senior management and staff on current threats and issues.
- Video/DVD. If you have the budget, produce and distribute one.
- The Screen Saver. Why not use it for security related messages?
- Hijacking Training. If your organization produces internal courses for staff on other topics, make sure that the security angle is covered.
- Posters. Use them and replace them often.
- Competitions. Security crosswords, puzzles and problems, with a suitable prize for the winner.
Some of these may well be seen as mundane. But in the final analysis, threats are usually far more likely to materialize through lack of awareness than through complex cyber crime.