How can you design your org’s security policies to more effectively drive awareness?

Head of Information Security in Services (non-Government), a year ago
Using relevant examples to help underscore the importance of adhering to policies is key because it helps your messaging resonate. The MOVEit breach has impacted hundreds of companies and millions of individuals, so using that as a relevant example helps people understand the importance of using approved third-party file sharing services. Or, as another example, there was recently an executive in the legal services sector who, before leaving, copied a bunch of data to a USB. By using these real life examples, people can see why the policies are important and why they’re in place. Then you need to emphasize your obligations to clients as well as any regulatory requirements — that makes it clear that we're not just creating these policies for our health, they're meant to protect our clients, ourselves, and they’re required by law. It’s a matter of helping people understand the why behind the policies.
Head of Cyber Security in Manufacturing, a year ago
At least for the German market, employees shall consent to having read corporate policies on a yearly basis. This is the foundation, to a certain extent, that you can hold them responsible and that you made them aware, even though it's most of the time covered to some extent by the secondary obligation in labor law.

Keep the policies concise, and include or reference a website with samples so people can better understand certain scenarios / edge cases.
