Topic-icon Interesting & Relevant read for security professionals

3 months 2 weeks ago #3604 by cyberfox123

This may be written some time ago but definitely an interesting and relevant read in today's context. This will be a good basic reference material for those of you out there who are involved in writing security policies:

https://www.giac.org/paper/gsec/1691/good-security-policy-necessary/103074

Please Log in or Create an account to join the conversation.

3 months 2 weeks ago #3605 by karen21

In my opinion, whether a security policy works is not just dependent on how well written the policy is, the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

Please Log in or Create an account to join the conversation.

3 months 2 weeks ago #3606 by paulsng33

karen21 wrote:

In my opinion, whether a security policy works is not just dependent on how well written the policy is, the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

There's many fundamentals involved in writing a good security policy, must factor in the current threat level landscape and the various ways to counter it. You can also include your list of impt personels to be contacted during a crisis inside the policy.

Please Log in or Create an account to join the conversation.

3 months 2 weeks ago #3609 by liliansoh

karen21 wrote:

In my opinion, whether a security policy works is not just dependent on how well written the policy is, the human factor plays an important role as well. In this case, the employees of the organisations should have an inquisitive mind about cyber security matters.

I agree! It is the culture that makes the difference. However, they also can't expect miracles to happen just by putting up related posters, they will need to do more in order to really educate the staff. Maybe they can gamify it to stimulate interest and at the same time instill the right mindset.

Please Log in or Create an account to join the conversation.

3 months 2 weeks ago #3612 by KudoShinichi

Does your organization get the employees to sign on the Information Security Policy? Mine does. We also send out Information Security Awareness briefs besides testing on a regular basis.

Please Log in or Create an account to join the conversation.

3 months 2 weeks ago #3615 by twentysomething

KudoShinichi wrote:

Does your organization get the employees to sign on the Information Security Policy? Mine does. We also send out Information Security Awareness briefs besides testing on a regular basis.

hi kudoshinichi, may i know what kind of briefs are u referring to? do u mean those mailers or something to blast out?

Please Log in or Create an account to join the conversation.