Computer Security Awareness Training


Understanding the need for Cybersecurity training and compliance

Robert Hodges, March 19, 2009

I saw a great article today on Baseline about the need for organizations to deal with corporate governance, Information Security and Privacy, identity theft, and the ever-growing number of laws and regulations.

While most organizations are required by law or contracts to have internal controls supporting the privacy of sensitive information, these are issues which everyone must consider. Betty Steele points out that any organization outsourcing business processes involving personal information is most likely required by laws, regulations, and/or contracts to exercise oversight prior to and during engagement with service providers. And these requirements are growing rapidly.

According to Ms Steele, there are several key factors behind this growth. She discusses each of these points and recommends ways to help an organization reduce compliance costs and potentially optimize its use of information technology.

Worldwide Laws and Regulations
Although there are always new laws and regulations to provide greater protection to personal information, it is most often compromised because basic cybersecurity controls such as strong passwords, encryption and up-to-date anti-virus software are not in place, or because the resources of cyber criminals exceed those of the public and private sectors.

Outsourcing
To cut costs and gain flexibility in new technology, many organizations outsource noncore job functions and processes.  However, many significant security breaches have involved third-party service providers. 

Value of Information Assets
Organizations are becoming more and more reliant on intangible, knowledge-based information assets to operate.

New and Faster Technologies
Information is no longer protected behind stationary boundaries, but is now increasingly mobile, carried on laptops, thumb drives, PDAs and other mobile devices. As new technologies become available, it is important to have comprehensive risk management.

Competition
Most industries are under pressure to reduce costs to remain competitive. Some important steps to counter increased risk include:
* Oversight and involvement in safeguarding information assets
* Appropriate information security management frameworks and standards (including security awareness)
* A quality process improvement program (such as Lean or Six Sigma)
