The uses of information security training

When budgets are being squeezed, often security training will be one of the first items to be cut. However, this is a big mistake, as training in procedures is the essential step that actuall

y implements the policy “on the ground”. This is especially true of information security, where very often the countermeasures involve procedures and people rather than technology.

Many organisations, and businesses in particular, can spend a great deal of money and time on setting up a full Information Security Management System (ISMS). They draw up a high-level policy, conduct a thorough risk assessment, decide on a risk management strategy and appropriate countermeasures, and create standards and guidelines.  However, in too many cases the activity effectively ceases at that point. The policy may be pinned on a noticeboard, but the importance of the new procedures is not communicated effectively to employees. This means that the carefully-framed procedures and standards will be either circumvented or ignored altogether. The result is that the ISMS is never truly implemented, and the organisation’s information assets are just as much at risk as they were before.

google_ad_channel = “7940249670, ” + AB_cat_channel + AB_unit_channel;
google_language = “en”;
google_ad_region = ‘test’;

Article Source: www.ArticlesBase.com