There are numerous great websites that provide generic best practice information security tips for the workplace. However, employers need to be conscious of two major risks of asking employees to rely on them for their security awareness.
The first risk is ensuring your employees visit one of the great websites, rather than fall foul of one of the ‘lesser’ sources. This is simple enough to resolve: send your staff an email listing the information security websites that you approve of. Job done!
The second risk isn’t so simple to deal with. Your organisation is unique, with its own specific processes, procedures and information types. It may even attract special cyber threats that other industries and organisations don’t have to contend with. Sadly, any best practice that your employees draw from generic security websites is unlikely to be fully applicable to these unique aspects of your organisation.
For example, generic websites can talk about the dangers of phishing, but they cannot talk about the specific dangers of spear phishing attacks that are unique to your industry or organisation. Generic websites can talk about how ‘sensitive information’ should be encrypted when copied onto storage media or transported on laptops, but they can’t define what ‘sensitive information’ means in the context of your organisation.
Benefits of the specific resource
Many organisations are addressing this second risk by bringing the source of security best practice in-house. This ensures that employees have fast access to a comprehensive portal that covers the breadth of required information security awareness. In most cases this is achieved by way of a distinct information security micro-site kept within their existing intranet framework.
This delivers the immediate benefit of allowing you to tailor all information security best practice to your organisation, making it fit for purpose for the work your employees do and the way that they do it. The types of information can be discussed within the context of the organisation’s own information classification system. All handling procedures can refer specifically to the organisation’s processes. The unique risks of the industry or organisation can also be tackled, with relevant real-life case studies providing additional weight.
Compiling an in-house resource also provides many other advantages. The content can be reused for your employee information security awareness training sessions. It can also become the central information hub from which organisation-wide information security communications strategies are run. No matter how campaign messages are conveyed to employees, whether by posters, presentations, flat-screen animations or quick-guides, the information security micro-site is always mentioned as the first port of call for further information.
Building an information security portal
Naturally there are many factors that contribute to a successful information security portal. Two key priorities are to plan a clear information hierarchy and strive for maximum build flexibility.
Getting the information hierarchy right plays a huge role in dictating the success of the project. If users have trouble finding what they want to know, you run the risk that they will try to find it through a web search, which takes them outside your control. Information security is a complex topic, and a clear information structure not only makes it easy to find topics, it can also help employees see how all the various topics inter-relate. This can make the entire subject seem much more accessible and therefore easier to apply.
Build flexibility gives your site the longest possible shelf-life and makes it a highly versatile communications tool. As with any website, users are encouraged to return if they feel it is a dynamic source of valuable information. For example, home page flexibility in particular enables you to tailor it to particular information security awareness campaigns. You should also ensure that the information hierarchy takes into account that the site will grow over time, for example as new threats emerge or as new procedures are introduced to the organisation.