The insider threat is often discussed among the top information security risks facing organizations. In fact, for the first time in seven years of doing the study, the 2012 Ponemon Data Loss survey listed internal mistakes by insiders is the number one cause of data breaches. What is an insider threat? This term is loosely […]
Tag Archives: employee security policy
4. Targeted User Groups Not all information security policies are appropriate for every role in the company. Therefore, written information security policy documents should be targeted to specific audiences with the organization. Ideally, these audiences should align with functional user roles within the organization. (See Information Security Roles and Responsibilities Made Easy, by Charles Cresson [...]
In order for written information security policies to have “teeth”, there must be consequences for employees that do not follow policies, and this fact must be documented as part of the published policy. The “sanctions” portion of most security policies reads something like this: “Failure to comply with this policy will result in disciplinary action, […]