Awareness Training -- talk to people - do presentations - keep people
thinking - include subject in inductions - get a log on script before people go
on their PCs - get tougher - stop the use of USB sticks - it's time that
organisations took responsibility and stopped allowing the £10 PC World USB
stick being purchased by individuals and being brought to work.
Organisations need to take data security seriously by spending some money,
writing good policies - and enforcing them - and setting an example -- security
is like training - its the first thing that people think they can loose in order to
save money - but it's a short term measure which does not work.
Look at all the organisations which don't take on apprentices an more
because it saves them money - and then look at the workforce 5 years down
the line - lots of people about to retire at the same time and no new trained
workers coming up behind them -- exactly the same when it comes to
security --- people regard it as a hinderance not an enabler --- people in the
security world must change the way information security is perceived .... it
must become part of the culture - not just an add on at the end when it
becomes an issue because it blocks an action.
And -- data protection officers / information security professionals should be
paid a decent salary to get the message across and keep the momentum ......
Sorry - this is a rant ....... I am very enthusastic about the subject .......
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|