A security conscious workforce

I monitor a security mailing list, where in
a thread
, it is suggested that education of employees is the best security prevention that is. This is a mindset that I agree with. The thread motivated me to look further into how to educate employees to be security conscious.

I found some articles on a forum for Chief Security officers or CSO’s.
One article
is about how to get the message out to the employees, and the article suggest you lots of internal marketing and branding to keep focus on the subject. In the article is also described how the IT department crafted a fake phishing mail and send it out to all employees. The attached file, instead of installing a root kit, show a flashy and colourful warning, at the same time the IT department also collected statistics on how many people actually fell into the phishing trap.

Another article I liked is how to set up a security awareness/education programme in a corporation. The article details the methods to get the information into the heads of the employees instead of just a dusty book on the shelf.  They recommend to always keep the content fresh and using a heavy dose of humour, since most people find it security boring. The article also  suggest to regularly to remind people of the security policy by implementing a captive portal that requires the employees to complete a new test monthly, in order to use the network.

Advertisements
This entry was posted in IT Security, Week 19. Bookmark the permalink.

3 Responses to A security conscious workforce

  1. mbnielsen says:

    Other people have concluded that it is smart to educate users, e.g. this one. It is related to the SANS institute.

  2. Mads says:

    Thanks for the link to the nice newsletter. Did you have aspecific monthly issue in mind?

  3. mbnielsen says:

    no. I is just an example of educating the user. They actually write their stuff in a non-techie readable fashion

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s