Employees, Questions, and Business Risk... | Marcos Christodonte II - Information Security Blog

Employees, Questions, and Business Risk…

February 1, 2010 by  

I was reading an article today by Jay Forte about having a value discussion with your employees. The article was quite interesting, and as I read it, I thought about how his guidance also applied to security. Jay outlined what managers could tell their employees to help them add value to their organizations. Part of the sample note that he provided for employees said, “I need you to think through each of your decisions and know its impact on our customers, on your job and on our company.” That statement resonated with me!

The decisions employees make have immense impact on their companies—oftentimes with lasting consequences. As easy as employees can boost sales and generate revenue, they can also create vulnerabilities, cause data loss, ruin reputation, and cost their company in legal or regulatory penalties.

Here are a few things that you can start discussing with your employees (some items target different groups):

  • Read and understand policies. If you have a question, ask.
  • Speak up if you’re not happy with service delivery. Don’t try to circumvent controls!
  • Your actions may affect service-level agreements with valued partners!
  • Operators: Don’t go for the quick workaround — it may create a weakness. Instead, use the change control process.
  • Administrators: Be more proactive! When is the last time you tested your backups?
  • Don’t mess with your HVAC system just because you have to work in the server room all day. The room is cold for a reason!
  • If you’re using a two-person password system, don’t give your colleague your password just because it’s easier and stops them from bothering you!
  • Stop using group or department passwords! Every account should tie to a specific person.
  • Don’t patch production systems without first testing the patch.
  • Security staff: When is the last time you reviewed running network services and validated their necessity? How are you staying current? Have you looked at your logs lately?

These are just a few general topics and questions for various personnel. Sometimes it takes asking the right questions to provoke thought and light a little fire in employees. After we ask questions or give security advice, we have to do a better job of explaining “why” something should be done. Without context, employees won’t understand the true value (and impact) of their actions…or lack thereof.
