Interesting & Relevant read for security professionals

7 years 6 months ago #3604 by cyberfox123

This may have been written some time ago, but it is definitely an interesting and relevant read in today's context. It will be good basic reference material for those of you out there who are involved in writing security policies:

https://www.giac.org/paper/gsec/1691/good-security-policy-necessary/103074

7 years 6 months ago #3605 by karen21

In my opinion, whether a security policy works is not just dependent on how well written the policy is; the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

7 years 6 months ago #3606 by paulsng33

karen21 wrote:

In my opinion, whether a security policy works is not just dependent on how well written the policy is; the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

There are many fundamentals involved in writing a good security policy; you must factor in the current threat level landscape and the various ways to counter it. You can also include your list of important personnel to be contacted during a crisis inside the policy.

7 years 6 months ago #3609 by liliansoh

karen21 wrote:

In my opinion, whether a security policy works is not just dependent on how well written the policy is; the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

I agree! It is the culture that makes the difference. However, they also can't expect miracles to happen just by putting up related posters; they will need to do more in order to really educate the staff. Maybe they can gamify it to stimulate interest and at the same time instill the right mindset.

7 years 6 months ago #3612 by KudoShinichi

Does your organization get the employees to sign on the Information Security Policy? Mine does. We also send out Information Security Awareness briefs besides testing on a regular basis.

7 years 6 months ago #3615 by twentysomething

KudoShinichi wrote:

Does your organization get the employees to sign on the Information Security Policy? Mine does. We also send out Information Security Awareness briefs besides testing on a regular basis.

Hi KudoShinichi, may I know what kind of briefs you are referring to? Do you mean those mailers or something to blast out?
