Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Awareness

We just finished our annual employee briefings for IT security awareness as required by several regulations and our external auditors -- and of course a good idea in general. Awareness is not training but rather a point where we focus attention on this important topic.
Our IT security manager at ACME, Bucky Rogers, was keen to develop a formal security awareness program. We used various resources and guides to create our overall program. This annual briefing is just one part.
We also take the time to alert employees about new severe threats and use those alerts to remind them of our awareness policy as well as our various security bulletins (useful info) posted on our intranet.
Read on???..
We present IT Security Awareness information at all our office sites, at employee staff meetings. We also provide a handout during those briefings. New hires also receive a briefing. Here are the general topics we cover in our annual briefings, all using layman terms.

-- Employee's Role. All staff members are responsible for ensuring computer security, the individual has a role. Individuals must recognize the importance of IT security concerns and respond accordingly.
-- Reporting Issues. Do not hesitate to note possible issues. Bring any computer security related issues to the attention of the network or security staff.

-- Guidance. Do not write down your password. Do not share your password with other users. Do not let other people know your password, even the IT staff.
-- Aging. For security reasons employee account passwords for network/computer systems are set to force change every 60 days or the account will expire. Phone system password changes are required every three (3) months. Other systems may have similar expirations up to at most 6 months for expiration.
-- Requirements. Passwords must be at least 8 characters long. Passwords may not contain your user name or any part of your full name. Passwords must contain characters from at least three of the following four classes: upper case letters, lower case letters, numerals, non-alphanumeric characters.

-- Information. All employees have an obligation to protect confidential and sensitive information that is located on their computers, on the LAN, and in their e-mail files. Sensitive materials may preclude distribution outside of the company. Employees should not search through files or directories that are not part of their job function.
-- Responsible Use. Employees are required to use e-mail and the Internet productively and responsibly.
-- Property. E-mail and computers and the network are property of the company, considered official records. The company may monitor business-related computer and LAN files and e-mail communications at its discretion.

-- General. E-mail is not always secure. Use appropriate discretion when communicating via e-mail.
-- Viruses. Do not open any email attachments unless you are sure of both the content and the sender sine attachments may contain viruses or worms.

  • 1