Looking for creative ways to improve security compliance

zephyr

I'm looking for creative and effective ways to improve security compliance at my company. I've done all of the usual things for end users - posters, email reminders, etc. What have you done that was effective? I'm hoping to be inspired!!!

Tags: security
Topic: Networking

Answers

2 total
dblacharski
Vote Up (29)

I may sound cynical, but I think the best approach is to assume a certain level of laziness on the part of end users. If you assume that people will always take the path of least resistance, you will know from the beginning that there is bound to be use of default passwords, sending sensitive files via regular email, use of unauthorized apps, and other security faux pas. Starting with that assumption, you have to then assume that "soft" enforcement such as email reminders isn't going to work, and you must instead then look towards implementing technological enforcement. For example, if your policy calls for people to use a certain level of password complexity and to change passwords once a month, lock them out if they don't do so. If your security policy prohibits use of IM on company computers, then block IM at the firewall level.

