Information security culture

By -
Employee’s behavior has a big impact to information security in organizations. Cultural concept can help different segments of the organization to concern about the information security within the organization.″Exploring the Relationship between Organizational Culture and Information Security Culture″ provides the following definition of information security culture: ″ISC is the totality of patterns of behavior in an organization that contribute to the protection of information of all kinds.

Information security culture needs to be improved continuously. In ″Information Security Culture from Analysis to Change″, authors commented, ″It′s a never ending process, a cycle of evaluation and change or maintenance.″ To manage the information security culture, five steps should be taken: Pre-evaluation, strategic planning, operative planning, implementation, and post-evaluation.

  1. Pre-Evaluation:to identify the awareness of information security within employees and to analysis current security policy.
  2. Strategic Planning: to come up a better awareness-program, we need to set clear targets. Clustering people is helpful to achieve it.
  3. Operative Planning: we can set a good security culture based on internal communication, management-buy-in, and security awareness and training program.
  4. Implementation: four stages should be used to implement the information security culture. They are commitment of the management, communication with organizational members, courses for all organizational members, and commitment of the employees.


Comments

Post a Comment

Popular posts from this blog

MySQL ,My Sequel,relational database management system,Linux, Apache, MySQL, Perl

By -
MySQL officially, but also called  "My Sequel") is (as of July 2013) the world's second most[a] widely used relational database management system (RDBMS) and most widely used open-source RDBMS.It is named after co-founder Michael Widenius's daughter, My.The SQL acronym stands for Structured Query Language. The MySQL development project has made its source code available under the terms of the GNU General Public License, as well as under a variety of proprietary agreements. MySQL was owned and sponsored by a single for-profit firm, the Swedish company MySQL AB, now owned by Oracle Corporation. MySQL is a popular choice of database for use in web applications, and is a central component of the widely used LAMP open source web application software stack (and other 'AMP' stacks). LAMP is an acronym for "Linux, Apache, MySQL, Perl/PHP/Python." Free-software-open source projects that require a full-featured database management system often use MySQL. For
Read more