Information Security Education & Best Practice
Corporate information security awareness is a critical element of any successful security policy.
It is generally accepted that sound security is reliant upon a balance between the implementation of sound security policy and its enforcement, sensible application of security technology, and management of the overall security programme. However, even the best security programme is undermined if those who operate it and are affected by it are not adequately aware of its existence, and of their responsibilities.
Ignorance and uncertainty undermine security. If staff and management are unaware of their responsibilities, of the risks the organisation faces, and of how to react to incidents, then the probability that risks will materialise is significantly magnified. Furthermore, uncertainty is seriously disabling. Uncertain organisations become constrained in the opportunities they are willing to explore, because they do not understand either the nature of risk, or the actions that could be taken to mitigate their risk.
Staff should be considered an integral part of any security measures:
- They are generally the first to be impacted by potential security incidents.
- Their compliance makes or breaks the security programme.
- Their awareness helps to prevent incidents, and mitigates damage when incidents do occur.
Education and awareness are critical elements of any successful security programme. Without awareness, users cannot be responsible for compliance with policy. This will certainly have an adverse impact on the confidentiality, integrity and availability of your organisation’s information.
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
“We have used commissum for several years and their work has always been professional and delivered to a high standard. We appreciate their ability to readily interpret project requirements and to make a valuable contribution even when a project's budget is tight. commissum are easy to deal with and have the flexibility to manage changing time scales and requirements.”
Mr Iain R, Account Director, International Business Systems & Managed Services Company
Latest News
Alleged Chinese Government Hacking Department back in action
Allegedly the Chinese state sponsored cyber division named as Unit 61398 are back in action after a lull in their activities. This group that allegedly specialises in governmental and industrial espionage was very active and successful up until February this year. The targets of Unit 61398, also known as APT1, have ...Tue 21 May, 2013 //
Leading USA military contractor QinetiQ hacked and ransacked by Chinese hackers for three years
A new report from Bloomberg, the business information provider (www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html) outlines how hackers from China stealthily infiltrated the computer systems of QinetiQ North America, a leading espionage and military contractor to the US government, and the US branch of the British defence technology company QinetiQ. A vast range of highly ...Wed 08 May, 2013 //
Suspected hacker arrested after “biggest-ever DDoS attack”
Police in Spain have arrested a Dutch national on suspicion of launching the largest-ever “Distributed Denial of Service” (DDoS) attack. Sven Olaf Kamphuis, 35, was arrested on April 25th near Barcelona, Spain. At the time, he was in possession of a specially-equipped van set up as a mobile computing and ...Tue 30 Apr, 2013 //
