TM - December 2007 - (Page 46) New security threats and identity-theft schemes are being developed every day, and large corporations continually invest millions of dollars and thousands of man-hours to keep their information and identity safe and their network secure. But investing time and money into securing the organization and its customers can be completely undermined if employees don’t understand their role in the security plan. Even when an organization has state-of-the-art technology, strict security policies and a highly skilled IT staff to manage policies, some organizations are not as secure as they could be. In fact, a recent survey, conducted at Interop New York 2006, showed 40 percent of IT managers surveyed reported their organization had experienced at least one security breach in the last year. Unknown security risks — from the top down — need a basic understanding of security policies, as well as their respective responsibilities in protecting these assets. Management personnel with security responsibilities require additional training. Without this understanding, organizations cannot hold employees accountable for protecting the organization’s resources and ultimately, its profitability. To be effective, a security awareness program must be ongoing and include continuous training, communication and reinforcement. A one-time presentation or a static set of activities is not sufficient to address the ever-evolving threats to the security landscape. The key messages, tone and approach must be relevant to the audience and consistent with the values and goals of the organization. Equally important, an awareness program must influence behavior changes that deliver measurable benefits. Internal Evaluation Employees can unknowingly pose security risks to the organization they work for in a number of ways: • Poorly designed passwords may increase the risk of network attack. • Improper control of laptops or other mobile devices can lead to the loss of proprietary information. • Failure to update virus software may lead to the infection of one or many computers. • Surfing the Web and downloading files from the Internet can reduce network bandwidth and worker productivity. • Falling prey to a social engineering attack may lead an employee to divulge confidential information. However, with the right training, employees can become an organization’s strongest security asset. A security awareness program enables organizations to improve their security posture by offering employees the knowledge they need to better protect the organization’s information through proactive, security-conscious behavior. To successfully protect information assets, employees at every level One of the most overlooked, yet significant steps in creating an effective employee security awareness program is assessing existing security practices and employees’ level of security awareness. Organizations must evaluate their current environment and determine if there are any security awareness problems or particular needs to address. Answering the following key questions will help provide a useful assessment: • Is there a security policy that is enforced across the entire organization? • Do employees know the security policy? • What are the practices and technologies in place that can help detect a security breach? • Do employees know what to do if they detect a security violation? Answering these questions can help organizations define objectives and goals for any awareness training program. The objectives should also align with December 2007 talent management magazine www.TalentMgt.com 45 http://www.TalentMgt.com
Table of Contents Feed for the Digital Edition of TM - December 2007 Talent Management - December 2007 Editor's Letter Contents Letters to the Editor Human Performance Leading Edge Capabilities The Engaged Difference: What People Want Analytics in Talent Management: The Sports View The Use of Merchandise for Employee Recognition Taking Aim at Performance Appraisals Talent Management Drives Organizational Change Generational Diversity: Mastering the Boomer-X-Y Divide Dashboard: Security-Savvy Workforce: Designing a Security Awareness Program That Works Application: Hilton Hotels Corporation:Checking Out the Merits of Paperless Efficiency Insight: Unlimited Engagement: Innovative Corporate Communication at Deloitte & Touche USA Advertisers' Index Editorial Resources Foundations TM - December 2007 TM - December 2007 - (Page Sponsorshi) TM - December 2007 - Talent Management - December 2007 (Page Cover1) TM - December 2007 - Talent Management - December 2007 (Page Cover2) TM - December 2007 - Editor's Letter (Page 4) TM - December 2007 - Editor's Letter (Page 5) TM - December 2007 - Editor's Letter (Page 6) TM - December 2007 - Editor's Letter (Page 7) TM - December 2007 - Contents (Page 8) TM - December 2007 - Contents (Page 9) TM - December 2007 - Letters to the Editor (Page 10) TM - December 2007 - Letters to the Editor (Page 11) TM - December 2007 - Human Performance (Page 12) TM - December 2007 - Human Performance (Page 13) TM - December 2007 - Leading Edge (Page 14) TM - December 2007 - Leading Edge (Page 15) TM - December 2007 - Capabilities (Page 16) TM - December 2007 - Capabilities (Page 17) TM - December 2007 - The Engaged Difference: What People Want (Page 18) TM - December 2007 - The Engaged Difference: What People Want (Page 19) TM - December 2007 - The Engaged Difference: What People Want (Page 20) TM - December 2007 - The Engaged Difference: What People Want (Page 21) TM - December 2007 - Analytics in Talent Management: The Sports View (Page 22) TM - December 2007 - Analytics in Talent Management: The Sports View (Page 23) TM - December 2007 - Analytics in Talent Management: The Sports View (Page 24) TM - December 2007 - Analytics in Talent Management: The Sports View (Page 25) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 26) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 27) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 28) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 29) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 30) TM - December 2007 - The Use of Merchandise for Employee Recognition (Page 31) TM - December 2007 - Taking Aim at Performance Appraisals (Page 32) TM - December 2007 - Taking Aim at Performance Appraisals (Page 33) TM - December 2007 - Taking Aim at Performance Appraisals (Page 34) TM - December 2007 - Taking Aim at Performance Appraisals (Page 35) TM - December 2007 - Taking Aim at Performance Appraisals (Page 36) TM - December 2007 - Taking Aim at Performance Appraisals (Page 37) TM - December 2007 - Talent Management Drives Organizational Change (Page 38) TM - December 2007 - Talent Management Drives Organizational Change (Page 39) TM - December 2007 - Generational Diversity: Mastering the Boomer-X-Y Divide (Page 40) TM - December 2007 - Generational Diversity: Mastering the Boomer-X-Y Divide (Page 41) TM - December 2007 - Generational Diversity: Mastering the Boomer-X-Y Divide (Page 42) TM - December 2007 - Generational Diversity: Mastering the Boomer-X-Y Divide (Page 43) TM - December 2007 - Dashboard: Security-Savvy Workforce: Designing a Security Awareness Program That Works (Page 44) TM - December 2007 - Dashboard: Security-Savvy Workforce: Designing a Security Awareness Program That Works (Page 45) TM - December 2007 - Dashboard: Security-Savvy Workforce: Designing a Security Awareness Program That Works (Page 46) TM - December 2007 - Dashboard: Security-Savvy Workforce: Designing a Security Awareness Program That Works (Page 47) TM - December 2007 - Application: Hilton Hotels Corporation:Checking Out the Merits of Paperless Efficiency (Page 48) TM - December 2007 - Application: Hilton Hotels Corporation:Checking Out the Merits of Paperless Efficiency (Page 49) TM - December 2007 - Insight: Unlimited Engagement: Innovative Corporate Communication at Deloitte & Touche USA (Page 50) TM - December 2007 - Insight: Unlimited Engagement: Innovative Corporate Communication at Deloitte & Touche USA (Page 51) TM - December 2007 - Insight: Unlimited Engagement: Innovative Corporate Communication at Deloitte & Touche USA (Page 52) TM - December 2007 - Editorial Resources (Page 53) TM - December 2007 - Foundations (Page 54) TM - December 2007 - Foundations (Page 55) TM - December 2007 - Foundations (Page Cover3) TM - December 2007 - Foundations (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.