A Best Practices Guide to Information Security
Organizations take great pains to use technology to defend against outside attacks; they work hard to spot and stop the malicious insider who is willfully trying to do ill to systems. However, most organizations fall short in equipping their workers with best practices to make them part of the solution to information security.
The authors first describe the most common problems related to front-line information security, and then provide solutions to each of these problems. This report can be used to evaluate an established program, or to set up a new one. These solutions alone will clearly not stop every threat facing organizations in the information security arena, but they go a long way in closing gaps over which organizations actually have some control. Significant results can be achieved at little or no cost, and can reduce security “noise” so that security professionals can focus on the larger and more dangerous threats that remain.
While most efforts at training on information security focus on what not to do, the authors examine how to incentivize positive actions that organizations can take to improve collective security. This fresh perspective is one that everyone who comes into contact with government — employees, businesses, and citizens — can benefit from. We trust that this report will be useful to all government leaders as they work to prepare, train, and inspire their front-line workers to become stewards of information security.