In his latest book, a pre-eminent information security pundit confessed that he was wrong about the solutions to the problem of information security. It's not technology that's the solution, but the human factor-people. But even infosec policies and procedures are insufficient if employees don't know about them, or why they're important, or what ca
GETTING STARTED. Reviewing the Provisions the Company Now Has in Place. Learning the Players-Where the Power Resides. Learning the Corporate Culture-What Can Work Here, What Cannot. Obtaining Management Buyoff-How to Present the Case. Finding Communications Vehicles Currently in Place. ESTABLISHING A BASELINE. Review All Company Polices, Procedures, Standards, Guidelines That Even Remotely Address Information Security Issues. Identifying What Can Be Updated. Identify Documentation Needed. Prepare Documentation. Prepare Forms. Obtain Management Support for Documents-The Seal of Approval. Distribution. COMMUNICATIONS. The Media Available Through the Company. New Technology. Class or Presentation Design. Inclusion of HR Based Communications. Leveraging Resources. Locating Additional Resources. Placing Your Shots-Getting the Most Bang for Your Buck. EVALUATION. Demonstrating the Effectiveness of Your Program. Refreshing Staff Knowledge and Agreements. Use Statistics-Sparingly but Pointedly. Getting Third Party Input. Leveraging Internal Audit. Keeping Up with the Joneses-What Is Happening in the Industry.
Updating the Program to Address Changing Needs.