Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

Previous Topic/Section
5.7.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
5.8.1  Communication
Next Topic/Section

5.8  Education

To be successful, several aspects must be considered in user training. The one of paramount importance is getting users to 'buy into' the fact that the need for security is critical. This requires overcoming the mindset of “this is not my concern". This is accomplished by demonstrating to the end users that only through the continued health and safety of the company will they continue to be employed. Even if an employee is unconcerned because she/he plans to quit anyway, a new prospective employer, in some cases, cannot contact this present firm regarding his/her performance, due to legal issues.

Users must be educated on the fact that corporate data is the most valuable asset the corporate entity has. This step is the groundwork which training builds upon. Without this policy concept firmly in place, there's no foundation to create structure.

It is the administrator's task to convince (and ensure) users, that steps must be taken on an ongoing basis, such as changing passwords. A password taped to a monitor or under a desk blotter renders the password useless. A would-be intruder simply gets a job in maintenance and cleans the office of passwords at night.

Some firms put into place rigorous policies, ranging from no copying of work (files) to diskettes, or only allowing new work to be created outside of the office and then brought into work. Often all disks transported by employees in a particularly diligent company, will have those disks leaving the premises scanned. Security policies require being flexible enough to allow employees to get their job done. Reasonable security combined with convincing employees that protection of the corporate assets is in their best interests is the best possible approach.

Quick navigation to subsections and regular topics in this section



Previous Topic/Section
5.7.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
5.8.1  Communication
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.