Disseminating Policies Flashcards
1
Q
Disseminating Policies
A
- Policies should be promoted/supported by a security
education, training, and awareness (SETA) programme that
helps employees do their jobs securely
2
Q
Education:
A
- Not everyone needs a formal degree or certificate in info security
- But some roles may require certain employees to hold/attain
info security academic qualifications or industry certification
3
Q
Training
A
- EVERYONE in an organisation needs to be trained and aware of information security
- Provides employees with hands-on instruction and detailed info designed to prepare them to perform duties securely
- Management of info security can develop customised in-house training or outsource training
4
Q
Awareness
A
- keeps info security at forefront of the user’s mind
- can be as simple as security posters, newsletters, flyers, etc
- may include printed mouse-pads or company mugs
5
Q
NCSC Guidance:
Good security governance should:
A
- Link security activities to your organisation’s goals and priorities
- Identify the individuals, at all levels, who are responsible for making security decisions and empower them to do so
- Ensure accountability for decisions
- Ensure that feedback is provided to decision-makers on the impact of their choices
- Fit into an organisation’s wider approach to governance. Security needs to be considered alongside other business priorities, such as health and safety, or financial governance.
6
Q
Incidents happen
A
- Preventive activities based on the results of risk assessments can lower the number of incidents
- But not all incidents can be prevented
- An incident response capability is therefore necessary for:
* rapidly detecting incidents,
* minimising loss and destruction,
* mitigating the weaknesses that were exploited,
* and restoring IT services.