TOP 10 List of Ways to Create a “Security Culture” Within an Organization
August 08, 2008
Al Decker and Rebecca Whitener, two security experts from Texas technology services company EDS, have compiled a top 10 list of ways to create a "security culture" within an organization. The two say that with security breaches and identity theft on the rise, protecting information is the responsibility of everyone in an organization.
1. Implement a culture of security at the top, including senior management.
2. Offer employees annual training programs.
3. Encourage a clean desk policy. Desks or unlocked offices are targets for information theft.
4. Activate an information classification policy. Creating an awareness of what types of information are "for your company only" can help reduce security breaches.
5. Dispose of information securely: shredders for sensitive information, the trash for other documents.
6. Guard your conversations outside company premises. Remind employees that discussions in public places could leak information.
7. Approach security in multiple layers, including restrictions on physical access to facilities.
8. Make sure employees can answer two vital questions: Would you know a security violation if it occurred? Who would you tell if you learned of one?
9. Don't underestimate the power of social engineering. Employees must realize that any unusual activity should be considered suspicious: unknown people roaming halls, odd requests for information outside of normal business processes, requests for passwords.
10. Ensure that the corporate audit function includes a security policy and practices review.