In software development companies, we all know that people are the weakest
link in the chain and the source of many information security breaches
within the organization. Before information security is demanded of
employees, the importance and criticality of the company’s information
should be conveyed to them. An educated and aware user is the foundation of
a secure and reliable business environment.
Dealing with information security threats and incidents is not a technology
issue but a matter of people’s behavior. A critical factor is a successful
and effective information security program that modifies how employees deal
and interact with the company’s policies and procedures.
In many IT companies in India, the IT or Security department is usually
considered responsible for the security of information assets. This is a
misconception, and it has to be communicated to employees that the IT
department is not the only one responsible: information security is
everyone’s responsibility, at every level of the hierarchy.
An information security awareness program helps minimize the cost of
security incidents, helps accelerate the development of new application
systems in the software development industry, and helps assure the
consistent implementation of controls across an organization’s information
systems.
The primary and foremost objective of any awareness program is to educate
users on their responsibility to protect the confidentiality, availability
and integrity of their organization's information.
One of the objectives of an awareness program is to convey a simple, clear
and presentable message in a format that is easily understood by the
audience.
The awareness program’s objective is that users understand not only how to
protect the organization’s information, but why it is important to protect
that information.
The awareness program’s goal is to draw users’ attention to information
security policies and to raise the level of awareness of all security
controls and practices in the organization.
One of the goals is to create a security culture across the organization and
to keep reminding employees of its importance and of their contribution to
it.
“Continuous improvement should always be the theme for security awareness
and training initiatives, as this is one area where ‘you can never do
enough.’”
This is the perfect blog I had ever seen. Thanks for posting this post. ISO 27001 Certification