Policies are not enough to protect an organization. Employees must develop user awareness
programs so that other employees know about specific policies and are trained to carry out
actions specified in security policies. The overall process to accomplish this task is usually
referred to as security education, training, and awareness (SETA).

Take, for example, a policy dictating that employees should access the Internet for business
use only. Management can dictate this as a policy, but how are end users going to know? That’s
where employee awareness comes in. Employee awareness could include asking employees to
sign an acceptable-use statement when they are hired; it might also include periodic training,
and could even include warning banners that are displayed each time an employee accesses the
Internet. Awareness is about making sure that employees know security policies exist, what
they are, and what their purpose is.
