By Topic

The Importance of Employee Awareness to Information Security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $33
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Martin Smith ; The Security Company Ltd

The business case for information security has never been stronger - but if security infrastructure is the engine, staff awareness is the oil that makes that engine run. Our clients are the growing few that have recognised the critical importance of engaging personnel. Three recent awareness campaigns that The Security Company (International) Limited have run illustrate just how important this investment can be to the success of a company's information security policies and infrastructure. Client 1: a global insurance group with thousands of call-centre employees around the world, each with the data which costs millions of pounds each year in investment in security infrastructure to keep secret. Connected to their ears and mouth were total strangers who may or may not have a right to access that information. For this client, we ran an extensive employee-awareness campaign - e-learning, rolling internal marketing campaigns - and we built an information security knowledge zone, a Web-based repository for their policies and procedures that is easily searchable, accessible and user-friendly. The result has been increased awareness throughout the organisation of the basics of information security. Client 2: a major international bank undergoing an organisation-wide security review. We ran an e-learning campaign aimed at teaching managers and senior staff how to audit their existing data protection and security processes. What emerged was that many departments were operating to years-old security standards. Patches had not been installed on protective software, and awareness of changes in policy was low. Our client was able to review procedures cost-effectively, but more importantly, identify risks early on, saving money and reputation in having to put them right at a later date or when they have already gone wrong. Client 3: a major international business tasked with maintaining awareness of security policy throughout a loose network of free-lance employees, temporary - taff and part-timers. We developed an induction programme based on our proven information security knowledge Zone, and implemented a supporting rolling campaign of security awareness. The longer employees remained at the organisation, the more they were expected to know.

Published in:

Crime and Security, 2006. The Institution of Engineering and Technology Conference on

Date of Conference:

13-14 June 2006