The document discusses challenges that organizations face in keeping up with changing technology and ensuring information security. It outlines issues around implementing information security policies, including creating awareness among employees, gaining leadership support, and tying policy adherence to performance management. The document advises addressing both technical and human aspects of implementation and viewing policies as a means to protect both the organization and employees.
Info Quest
EDITION I- NOVEMBER 2016
www.infoconglobal.org
2. Lotttd siDha I vp, HR af on ptace$ rechnotagy
One of the challenges organizations face is the cost of keeping pace with ever changing technology. [...] processes and information vulnerable to loss and damages. In [...] security policies, many factors drive policy requirements. These requirements include organization size, [...] both technical and human challenges to implement them. [...] employee acceptance and management [...] of the employees are [...] a policy is worth little or nothing if none [...]
Implementation Issues - HR front
Implementation of the policies must start with the journey of creating awareness within the organization [...]
[...] Understanding this is an imperative when [...]
[...] awareness messages. If security policies are [...]
Leadership needs the broad mandates within [...]
However, if a job description [...]
[...] limits on their time and resources [...]
[...] with leadership, stakeholders, control partners and regulators. They are a good indication of [...] of the system and level of adherence to information security policies within. The key to [...] empower the organization to take appropriate action to safeguard its data.
[...] deliverables from a performance appraisal should:
Communicate a consensus of judgment through vulnerability assessment. This can be done [...] asset identification and threat identification [...] needs to be [...] department [...] to the threats.
Risk mitigation: this piece would identify the tools and procedures that are needed to mitigate risk of his/her department/vertical.
Detail out the compliance by evaluation of new assets and threats. This procedure should be ongoing and serves to identify new risk of the concerned department of the employee.
[...] counsel from the HR Desk: when tying policy adherence to performance management, focus [...] on measuring risk to the business as opposed to measuring implementation of policies and [...] with the employees. It means [...] about what is [...] pace with the organization's growth.
To conclude, let's go over the key touch points.
[...] when the organization is implementing security policies they are implementing change. This [...] include implementing business perspectives [...] organizational values, which means [...] the organization [...] implement [...] culture change [...] to find a leader in the organization who can be an agent of change [...]
[...] the job description does not include policy [...] the employee would not [...] ownership in the success of the security policy.
Consequently, security policies are not only used to protect the organization but the employee as well.
InfoQuest - A Journal on Information Security
A publication from Infocon Global