Tuesday, May 5, 2015

Information Security Awareness Goals and Objectives

In software development companies, we all know that people are the weakest link in the chain and are the source of many information security breaches within the organization. Before demanding information security from employees, a company should convey to them the importance and criticality of its information. An educated and aware user is the foundation of a secure and reliable business environment.

Dealing with information security threats and incidents is not a technology issue but a matter of people's behavior. A critical factor is a successful and effective information security program that modifies how employees deal and interact with the company's policies and procedures. In many IT companies in India, the IT or Security department is usually considered responsible for the security of information assets. This is a misconception, and it has to be communicated to employees that the IT department is not the only one responsible: information security is everyone's responsibility, at any level of the hierarchy.


An information security awareness program helps minimize the cost of security incidents, helps accelerate the development of new application systems in the software development industry, and helps assure the consistent implementation of controls across an organization's information systems.

The primary and foremost objective of any awareness program is to educate users on their responsibility to protect the confidentiality, availability and integrity of their organization's information.

One of the objectives of an awareness program is to convey a simple, clear and presentable message in a format that is easily understood by the audience.

The awareness program’s objective is that users understand not only how to protect the organization’s information, but why it is important to protect that information.

The awareness program's goal is to draw users' attention to information security policies and raise the level of awareness of all security controls and practices in the organization.

One of the goals is to create a security culture across the organization and to keep reminding employees of its importance and of their contribution to it.

“Continuous improvement should always be the theme for security awareness and training initiatives, as this is one area where “you can never do enough.””
