
Safeguarding Information for the Security Professional
Taking the Next Step
- Ask new employees if they are obligated under any confidentiality or nondisclosure agreements.
- Determine the monetary/competitive value of your information.
- Develop information safeguarding guidelines that are practical and user friendly.
- Get user input and buy-in when developing an information security program.
- Ask knowledgeable employees what should be protected; they know the market and the competition.
- Form a partnership with the organization's legal and information systems departments to better address information security issues.
- Identify and get the cooperation of senior stakeholders in key areas, such as technology, finance, personnel, and marketing.
- Train and periodically remind - from the first day of work through the exiting process - the appropriate people why certain information needs protection and of the guidelines used to protect it.
- Work with management to decide what access will be given to consultants, subcontractors, and joint-venture partners.
- Partner with the legal department and others to develop a process to review employee publications, such as papers and speeches, including those to be placed on the Internet.
- Use annual performance reviews to remind employees of their obligations.
- The disgruntled employee is the greatest threat to your organization.
- Telephone conversations, both fixed and mobile, are vulnerable to intercept.
- Information regarding the movement of your company aircraft, including routes and destinations, is available for sale on the Internet.
- Be knowledgeable of your organization's physical assets, information assets, and vulnerabilities.