Ch 4: “Employee Behavior & Information Security Risk”{0}
The internet has brought many advantages like a broader customer-base, but it has also brought risks. An important risk that is overlooked is the security of information. According to Robert O’ Brien, the biggest threat to information security is people. O’ Brien is the chief executive of Barons-court, a company that specializes in IT and IT security. He blames it on the inability of employees to follow procedures and policies. This has led to government investigations, fines, and damages to the firm’s reputation.
Employees are the main users of data and information and thus they are at the teeth of the problem. Employees of the organization must understand policies of IT security in order to have compliance. O’ Brien states that IT security is a “on going process” because data security threats are “ever evolving.”
Automation is a necessity for compliance of IT security policies. Since threat are always appearing, the policy creation process should be automated. This allows new policies and improvements on existing policy. Using automatic targeting technology allows the organization to track all users of the organization whether it be from a laptop or a PDA device. Automation of surveys shows who understands the policies of IT security. This increases participation of the employees. Automation helps identify problems and allows for a process that is repeatable to keep up with ever-changing security threats. The best practice of IT involves trained users who understand the policies. When it comes to information security, the more one knows the better it is for information security.
Source: http://www.computerweekly.com/Articles/2009/04/27/235799/infosec-2009-employee-behaviour-and-information-security.htm