Interview with Scott Barman, author of "Writing Information Security Policies"
by Mirko Zorz - Thursday, 10 April 2003.
Bookmark and Share
The first failure is to not have a proper security awareness program. If the users do not know what is in the infosec policies or what is expected of them as part of that policy, how does the organization expect these users to follow the policy? Unfortunately, most organizations either do not have a security awareness program or have one as part of employee orientation and they do not follow it up with refresher courses.

Having sound policies that understand that the insider is the greater threat, a solid security awareness program, a proactive security enforcement program, and a commitment from management are the keys in meeting this challenge.


What are your future plans? Any exciting new projects?

Not long ago, I contributed a chapter to Que Certification's "CISSP Training Guide." I wrote Chapter 3, Security Management and Practices. I have also been working with the SANS Institute to review some exciting new courses they will be offering. I am also working on a book proposal with a colleague. This should be fun!

Spotlight

Is it time to professionalize information security?

Posted on 23 May 2013.  |  The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.


Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
  
Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
  

 
DON'T
MISS
Fri, May 24th
    COPYRIGHT 1998-2013 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //