To be successful, several aspects must be considered in user training. The one of paramount importance is getting users to 'buy into' the fact that the need for security is critical. This requires overcoming the mindset of this is not my concern". This is accomplished by demonstrating to the end users that only through the continued health and safety of the company will they continue to be employed. Even if an employee is unconcerned because she/he plans to quit anyway, a new prospective employer, in some cases, cannot contact this present firm regarding his/her performance, due to legal issues.
Users must be educated on the fact that corporate data is the most valuable asset the corporate entity has. This step is the groundwork which training builds upon. Without this policy concept firmly in place, there's no foundation to create structure.
It is the administrator's task to convince (and ensure) users, that steps must be taken on an ongoing basis, such as changing passwords. A password taped to a monitor or under a desk blotter renders the password useless. A would-be intruder simply gets a job in maintenance and cleans the office of passwords at night.
Some firms put into place rigorous policies, ranging from no copying of work (files) to diskettes, or only allowing new work to be created outside of the office and then brought into work. Often all disks transported by employees in a particularly diligent company, will have those disks leaving the premises scanned. Security policies require being flexible enough to allow employees to get their job done. Reasonable security combined with convincing employees that protection of the corporate assets is in their best interests is the best possible approach.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.