Basic Principles of Security Awareness. Security experts consider system users the weakest link in information security. User skill levels and experience can greatly vary, and unlike automated controls, human users can be subject to fatigue, or be distracted, which can lead to mistakes resulting in vulnerabilities. Security awareness training is often a user’s first experience with information security.… Read More »
When considering the implementation of security policies, an organization must also consider how employee behavior often varies depending on whether the organization uses a flat or hierarchical management structure. In flat organizations, there are less layers between management and employees so decisions and problem solving generally happens faster and at a lower level. Smaller organizations tend to be… Read More »
Risk management is essential to the success of every company In business, risk is the likelihood that a loss will occur if a threat exposes a vulnerability. An organization must take risks to thrive, but must also recognize that risk cannot be ignored. The key is to understand threats and vulnerabilities, and then mitigate the threat to vulnerabilities… Read More »
Incident Response Teams Computer Incident Response Teams (CIRTs or IRTs) are key components in information security incident response. Effective incident response doesn’t just happen; it takes careful planning and practice. An effective Incident Response Policy should have a plan documenting steps that must be followed and should contain key tasks or milestones with details, processes, and procedures,… Read More »