Thursday, May 12, 2011

How to start your Security Awareness Program?

I must say I'm still in the process of learning and practising IT security, but I know I have a good background in securing an environment, as I have worked on every aspect of information technology. In a usual IT environment, the company has Active Directory for identity and access control, a firewall and router for network connectivity, and antivirus, mail, backup and file servers. Now how would you start your security program? You cannot just start mandating that all your employees do this and that. To have a successful security program, at least at the start, you need the top executives to back you up. You must get their approval by explaining why security is needed and how the company will benefit. The program should also align with the company's mission and vision statements. A program is hard to implement if there is no budget allocated. To get the figures, you can start with a risk assessment. This will give you an overall view of what your assets (data, information, processes, etc.) are and which ones need to be secured. The assessment is a long process, but it will give you a figure for how much is needed to secure the company's assets.

Now how would you direct the program to the end user? For me, I started by putting posters in the common area. I printed on A4 paper how valuable a strong password is and how to create a strong and complex password.
