Question

In: Computer Science

  • How do you respond to users within your company who think that security measures just get in the way of their work?
  • What could you do to help users view security policies in a more positive manner?

200 words or more, please.

Solutions

Expert Solution

The way I will respond to the users within my company who think that security measures just get in the way of their work is as follows. The most important aspect of awareness training and education is to accentuate the need for information security. If the users do not understand the necessity of information security from the outset, then any information security awareness drive is destined for failure.

For users to realize this importance, top management need to be involved in and support the program. They themselves need to understand how critical the significance of information security is for the organization. To do this, those that make the corporate decisions need to be educated in the indispensability of information security awareness training for all users.

Once top management recognise the essentialness of an information security program, measures can be taken to integrate information security awareness into the organization. This is done by means of information security policies, stipulating a formal information security awareness program for all users.

By committing themselves, the senior employees of the company show that they regard information security as crucial and that all users should make a conscientious effort to protect the valuable assets of the organization.

Implement a Program in Which Every User Accesses the System by Means of an Individual Account:

  • Limit user access to only those files they need to do their jobs: Providing access that is not needed greatly contributes to risk without a corresponding increase in benefit. Why bother?
  • Avoid shared accounts: Individual activity cannot be differentiated unless there are individual accounts.

Require Users to "Authenticate" Themselves in Order to Access Their Accounts (i.e., make sure that they prove that they are who they are representing themselves to be).

Establish Standard Account and Authentication Procedures (known as log-in procedures):

  • Limit users to acceptable log-in times: There is no reason for an average day-shift employee to be able to access the system in the middle of the night.
  • Limit users to acceptable log-in locations: There is no reason for an average employee with a terminal on his or her desk to access the system from his or her supervisor's desk.

The steps for the Information Security Awareness Model could be as follows:

1. Educate top management in the necessity of information security awareness within the organization.

2. Make use of the international information security standards as a guideline for the information security policies of the organization.

3. Top management utilises the standards to create the information security policies of the company. This includes pledging commitment to information security awareness.

4. The ISO reviews and maintains the information security of the organization.

5. A formal program for information security awareness is implemented by the ISO practising the information security policies and procedures of the organization.

6. The main section of the program addresses general security measures applicable to all users in the organization.

7. The program should also cater for specialized roles within the organization and provide guidelines on the protective measures within specific departments.

Thank you
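The log-in time and log-in location limits described in the answer above can be checked against authentication records. The following is an added example, not part of the original answer; the account names, terminal names, policy table and log lines are all constructed for illustration.

```python
from datetime import datetime, time

# Hypothetical per-user policy: permitted log-in window and assigned terminals.
POLICY = {
    "asmith": {"hours": (time(8, 0), time(18, 0)), "terminals": {"WS-014"}},
    "bjones": {"hours": (time(22, 0), time(6, 0)), "terminals": {"WS-031", "WS-032"}},
}

# Constructed sample events: ISO timestamp, account, terminal.
EVENTS = [
    "2024-03-04T09:12:00 asmith WS-014",
    "2024-03-05T02:47:00 asmith WS-014",
    "2024-03-05T10:30:00 asmith WS-002",
    "2024-03-05T23:15:00 bjones WS-031",
    "2024-03-06T05:59:00 bjones WS-032",
    "2024-03-06T14:00:00 bjones WS-031",
    "2024-03-06T14:05:00 helpdesk WS-031",
]

def in_window(t, start, end):
    """True if t is inside [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def review(line):
    """Return the list of policy violations for one log-in event."""
    stamp, user, terminal = line.split()
    policy = POLICY.get(user)
    if policy is None:
        # An account with no named owner cannot be tied to one person.
        return ["no individual policy (unknown or shared account)"]
    findings = []
    if not in_window(datetime.fromisoformat(stamp).time(), *policy["hours"]):
        findings.append("outside permitted log-in hours")
    if terminal not in policy["terminals"]:
        findings.append("log-in from unassigned terminal")
    return findings

def audit(events):
    """Map each violating event to its findings; compliant events are omitted."""
    return {e: f for e in events if (f := review(e))}

if __name__ == "__main__":
    for event, findings in audit(EVENTS).items():
        print(event, "->", "; ".join(findings))
```

The night-shift entry for `bjones` shows why the window test must handle a range that crosses midnight: a 05:59 log-in is compliant, while a 14:00 log-in by the same account is flagged.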

