Educating your users on security policies

4280 pts.
Tags:
Network security
Network Security Management
Network Security Policies
Open IT Forum
Security policies
Security training
Open IT ForumWhat measures do you/your organization take to educate employees on network security policies? Do you include this information in new hire training? Do you hold special training? Does your include any unique or particular provisions?

Answer Wiki

Thanks. We'll let you know when a new response is added.

This has come up recently where I work. There has been little guidance on computer/communications security. New hires will be made aware of policy and we are set to train the current employees within the next month.

I think the biggest aspects of security is making sure that personnel understand why certain protocols are being put into place and enforced. It is easier for people to comply with rules that they have an understanding on.

There are no truly unique or particular provisions in what we are trying to accomplish. We are, however, trying to combine these efforts with proper business practices and IT usage. Examples being, do not save movies on your company laptop, do not download pirated music, etc. Many of these things should go without saying, but if you can show a correlation between streaming video and a slow internet connect for the neighbor, people seem to listen a little better.

The biggest step in finalizing full implementation of policy is enforcement. One can write beautifully articulated rules that hit at finite points or give a step by step remedial action plan, but unless management is going to take the corrective action needed to fix discrepancies, all of these actions serve only a litigious purpose.

Sorry to drone on.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

New employees receive a Computer User Policy which has a security section. This must be read and signed. Any questions regarding the policy are discussed with an I.T. staffer.

We also have “university days” which is a company wide education session, IT and security is covered in length. These days are mandatory attendance days; those with valid excuse receive private instruction.

We have several “automated” security features/protocols that essentially take care of everything else. All remove-able storage for example is blocked, web-filtering is active, e-mail security is strict.

Although some may view our policies as lenient, they cover the bases thoroughly and we’ve not had a problem yet.

Hope this helps!

-Schmidtw

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Schmidtw
    Anyone who doesn't comply is confronted nearly immediately. If i'm feeling so devious, I'll trace the MAC address of the abuser and shut off the port. :D -Schmidtw
    11,330 pointsBadges:
    report
  • Jaideep Khanduja
    The policy is sent through mail to all as and when updated. it is also published on company intranet.
    9,100 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following