Who Cares About Your Information Security Policy Revisions?

Perform your employees read and absorb information security and acceptable use policy changes like they were the next Harry Potter? Or perhaps do you have a sneaking suspicion that your hard work may be going unread or being instantly forgotten? information security news

Achieving sign-off on information security plans and AUPs can be problematic enough for CISOs. Yet , making sure those amendments are put into practice immediately by a whole organisation of time-poor and information-overloaded employees is the actual headache.

Let’s take mobile phones as an example. Most organisations I come into contact with nowadays are fully embracing the mobile device revolution. These that traditionally only backed one mobile phone program now support multiple websites and those that got a blanket ban on tablets are capitalising on their agility benefits. Symantec’s 2012 State of Flexibility Report makes interesting reading about this growing craze. 

We’ve reached a point where mobile devices are being used almost just as much as desktops and notebook computers. Research including the one included in Morgan Stanley’s Portable Internet Report also signifies that it will not be long before mobile phones and tablets become the major way people hook up to the Internet. So why is the emphasis still on computers when it comes to information security?

Most will recognise that almost all of the security breaches that can arise through a computer can happen through a mobile phone or tablet. The majority of will have also observed a story or two about how precisely the private online activities of an employee lead in catastrophe for an organisation – particularly because of this of accessing or holding sensitive information on an unsecured personal device. However the news headlines and surveys still have firms inserting their security give attention to computers and networks. Furthermore, there is great matter that lots of organisations still avoid have an enough personnel policy regarding the use of personal devices at work.

That said, creating a long set of mobile security dos and don’ts basically the most effective solution. In fact, the anchor of your employee information security awareness campaign should be hardware-specific at all.

Whilst there are certainly measures to consider when using different devices, recognition campaigns must give attention to the info first and foremost. When the employee embraces the need to protect the information, there exists a greater natural tendency to check the weaknesses of different devices.

Bearing all of this in brain information security policies and AUPs are continually growing documents. Unfortunately, organisations which may have spent significant amounts of time and resource building a powerful worker information security mindset can sometimes fail to progress that mindset in range with policy amendments. My spouse and i use mobile devices as an example because many organisations are currently putting into action huge policy changes to address the extreme dangers they pose.