1st Edition

Building an Information Security Awareness Program

By Mark B. Desman Copyright 2001
    268 Pages 50 B/W Illustrations
    by Auerbach Publications

    In his latest book, a pre-eminent information security pundit confessed that he was wrong about the solutions to the problem of information security. It's not technology that's the solution, but the human factor: people. But even infosec policies and procedures are insufficient if employees don't know about them, or why they're important, or what can happen to them if they ignore them. The key, of course, is continuous awareness of the problems and the solutions.

    Building an Information Security Awareness Program addresses these concerns. A reference and self-study guide, it goes step-by-step through the methodology for developing, distributing, and monitoring an information security awareness program. It includes detailed instructions on determining what media to use and where to locate it, and it describes how to efficiently use outside sources to optimize the output of a small staff. The author stresses the importance of security and the entire organization's role and responsibility in protecting it. He presents the material in a fashion that makes it easy for nontechnical staff members to grasp the concepts. These attributes render Building an Information Security Awareness Program an immensely valuable reference in the arsenal of the IS professional.

    GETTING STARTED
    Reviewing the Provisions the Company Now Has in Place
    Learning the Players - Where the Power Resides
    Learning the Corporate Culture - What Can Work Here, What Cannot
    Obtaining Management Buyoff - How to Present the Case
    Finding Communications Vehicles Currently in Place

    ESTABLISHING A BASELINE
    Review All Company Policies, Procedures, Standards, Guidelines That Even Remotely Address Information Security Issues
    Identifying What Can Be Updated
    Identify Documentation Needed
    Prepare Documentation
    Prepare Forms
    Obtain Management Support for Documents - The Seal of Approval
    Distribution

    COMMUNICATIONS
    The Media Available Through the Company
    New Technology (Video Taping, Streaming Video, Etc.)
    Class or Presentation Design
    Inclusion of HR Based Communications
    Leveraging Resources
    Locating Additional Resources
    Placing Your Shots - Getting the Most Bang for Your Buck

    EVALUATION
    Demonstrating the Effectiveness of Your Program
    Refreshing Staff Knowledge and Agreements
    Use Statistics - Sparingly but Pointedly
    Getting Third Party Input
    Leveraging Internal Audit
    Keeping Up with the Joneses - What Is Happening in the Industry
    Updating the Program to Address Changing Needs

    Biography

    Mark B. Desman