Implementing Security Awareness

It would be nice if we lived in a world where everyone could be trusted. I am firm in my (perhaps naive) belief that most people can be trusted. However, in IT we're not paid to believe in the trustworthiness of the majority, but to protect company assets against the untrustworthiness of the minority.

If you come to see Damir, Christian, John B and me when we stop in your city for the Unify Tour, you'll hear us stress the importance of security in IT. It may be easier, less time-consuming and very tempting to take a shortcut and just get the job done, but if the job isn't done properly and securely, it could cost you dearly in the long run and open you and your company up to a world of hurt.

Samuel Greengard writes about 6 common IT security mistakes that many midsized companies make and what you can do to avoid them. Half have to do with procedures and training.

So say you want to implement better IT security at your company, and put in place better procedures, processes and rules. Where the heck would you begin? A complete security program might include everything from social engineering and dumpster diving to messaging and development procedures. And once you've figured out where to begin, how would you convince others that this is important and should be a priority? 

Check out the Security Awareness Program Material download. I'll warn you - it's a large download (120MB) and I actually timed out the first time I tried to download it. But once I got it down I was amazed at the amount of information and tools in the package. It contains presentations and whitepapers, value propositions and key considerations: everything you need to implement a security program at your company, from figuring out what the program will look like to informing and educating those around you. It even has security posters and email templates!