Post by SecurityPlus on Sept 23, 2015 14:29:19 GMT
4. Make it Easy for People to do the Right Thing
Making it easy for people to do the right thing is a simple and effective technique to gain corporate-wide support for and participation in an information security program; however, successful implementation is often the result of persistent hard work over a period of time. Remember that we are talking about Information, not IT - in other words the remit extends well beyond the IT Department. Many information security departments are introspective; they write and publish documents and guidance for themselves, not for the business at large. Information security programs should get back to basics and make it easier for people to do the right thing than to do the wrong thing. This includes writing and publishing accessible and useful policies, standards, procedures and guidance. The focus for all guidance should be "how to do things securely" as opposed to simply "what not to do". Ensure there is an easy process for additional support (asking clarifying questions). Where security technology is being evaluated, place ease of use and management high on the priority list. Security should be integrated into people’s existing environments wherever practical. All organizations should make it easier, not harder, to do the right thing – strive to reduce complexity in processes and systems.
-----------------------------
This is the main content. Please refer to the original content.
Please comment regarding modifications of the subject, this content and
additional content.
1. Category needs to be deleted.
2. Revise Content: If the content needs to be revised, please kindly
inform us of your opinion in detail.
3. New Proposals