Friday November 21, 2008 8:10 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"when i login to face book it tells me i am cookies enabled what does this mean"
on Ads on Facebook serving up adware
by celeste | Nov 21, 2008 5:15 PM
 
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
 
"it's great i tried it"
on McAfee offers free trial of security appliance
by divyacharan | Nov 20, 2008 12:24 AM
Privacy

Building a security culture

  • Email a Friend
  • Print Page
Related Articles
By Gordon Rapkin, president and CEO, Protegrity
Jun 25, 2008 3:30 PM
Tags: Building | a | security | culture
I think we can all agree that security, like life, is a journey, not a destination, and regulatory compliance can get us only so far. True security requires a combination of people, processes and technology.

People are often the most overlooked element in any security strategy. This is unfortunate, because no matter how solid the technology and the processes, if the people are not engaged, data breaches happen.

One of the more positive steps an enterprise can make is to institute ongoing security awareness training for all employees, whether it's a cashier or customer service rep. But don't just present the material and hope for the best. Follow any employee training with testing to gauge understanding and to reinforce the vital importance of security.

Among other data-driven security processes, an enterprise security policy must clearly state how people should respond to requests for sensitive information. This security policy should be enforced by technology controls, so employees can't be coerced into providing hackers with information, and also to reinforce the importance of security within the enterprise.

A strong culture of security will emphasize the fact that each employee is a valued participant in preventing data breaches, not a child who is being monitored. It takes time to build an internal corporate culture, and it takes reinforcement to drive home a security message, but to make progress on the security journey, we need to bring all employees in the company along with us.

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Legal Whitepapers
 
Popular Tags
agss approach bulletin cloud endpoint enterprise firefox firewall firms gartner information mashup microsoft pci professional report security secuware server vulnerability