Question

Many people believe that computer security relies on firewalls, programs, and policies. However, much of computer security is dependent on the corporate culture, and their view on security. For instance: Is it normal for people to leave their desks with their computer unlocked?

You want to improve the security in your organization without using negative reinforcement (i.e. policing). What are some ways you can help drive a culture of security in an organization? Try to be unique and novel in your suggestions.

Answer 1

It is true that much of computer and information security depends on individual behaviour and level of responsibility and carefulness on the part of individual. Hence, computer security can be enhanced if proper corporate policies and culture are in place. Negative policing is not the only way to enforce computer security compliant behaviour - Following are some of the other ways:

1. Proper training of employees on computer and information security, making then aware of the do's and don'ts.

2. Spreading awareness among employees regarding the reasons and need of computer security in the organization as well as the possible negative impacts of any security breach.

3. Encouraging, rewarding and incentivising proper computer security compliant behaviour and conduct

4. Conferring honorary roles (like "Security Champion") and responsibilities to employees who would help maintain computer security and spread awareness.

5. Providing a computer security helpdesk where employees can get support and answers for their issues and queries respectively.