The importance of employee awareness to information security
The importance of employee awareness to information security
- Author(s): M. Smith
- DOI: 10.1049/ic:20060320
For access to this article, please select a purchase option:
Buy conference paper PDF
Buy Knowledge Pack
IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.
IET Conference on Crime and Security — Recommend this title to your library
Thank you
Your recommendation has been sent to your librarian.
- Author(s): M. Smith Source: IET Conference on Crime and Security, 2006 p. 115 – 128
- Conference: IET Conference on Crime and Security
- DOI: 10.1049/ic:20060320
- ISBN: 0 86341 647 0
- Location: London, UK
- Conference date: 13-14 June 2006
- Format: PDF
The business case for information security has never been stronger - but if security infrastructure is the engine, staff awareness is the oil that makes that engine run. Our clients are the growing few that have recognised the critical importance of engaging personnel. Three recent awareness campaigns that The Security Company (International) Limited have run illustrate just how important this investment can be to the success of a company's information security policies and infrastructure. Client 1: a global insurance group with thousands of call-centre employees around the world, each with the data which costs millions of pounds each year in investment in security infrastructure to keep secret. Connected to their ears and mouth were total strangers who may or may not have a right to access that information. For this client, we ran an extensive employee-awareness campaign - e-learning, rolling internal marketing campaigns - and we built an information security knowledge zone, a Web-based repository for their policies and procedures that is easily searchable, accessible and user-friendly. The result has been increased awareness throughout the organisation of the basics of information security. Client 2: a major international bank undergoing an organisation-wide security review. We ran an e-learning campaign aimed at teaching managers and senior staff how to audit their existing data protection and security processes. What emerged was that many departments were operating to years-old security standards. Patches had not been installed on protective software, and awareness of changes in policy was low. Our client was able to review procedures cost-effectively, but more importantly, identify risks early on, saving money and reputation in having to put them right at a later date or when they have already gone wrong. Client 3: a major international business tasked with maintaining awareness of security policy throughout a loose network of free-lance employees, temporary staff and part-timers. We developed an induction programme based on our proven information security knowledge Zone, and implemented a supporting rolling campaign of security awareness. The longer employees remained at the organisation, the more they were expected to know.
Inspec keywords: data privacy; security of data; personnel; technology management
Subjects: Computer installation management
Related content
content/conferences/10.1049/ic_20060320
pub_keyword,iet_inspecKeyword,pub_concept
6
6