Effective Security Policy Messaging Important - Page 2
End users tuning you out? Here's a three-step process for taking human factors into account in your security program (and even using them to your advantage).
A policy created in this way is a tool that each member of the business unit can use in a manner consistent with the agreed-upon security protocol.
This early alignment in the creation and implementation of policies is thus analogous to security being one of the integral threads woven into the fiber of the aforementioned patch, thus making it stronger and less likely to develop new holes.
This way, policy isn't based on disconnected silos of knowledge, and your employees aren't being placed in the position of having to choose between business success and policy adherence.
So how do you go about engaging your employees and communicating your policies? Think globally, but act locally.
You may have a global workforce message, but you must tailor that message for comprehension and relevance at a local level based on cultural, linguistic and other social factors.
Now let's discuss existing policies that were created in the overlay fashion. First, review these policies with the affected business units to assure they don't handicap or stifle business direction.
Recommend that a review of adherence be completed prior to the discussion, as it may provide some measurable clues to a policy's effectiveness.
Then recraft these policies to align with the reality of actual business objectives and goals.
Ultimately, the key is to ensure that your colleagues understand both the "why” of the policy and their share of ownership in the policy's existence.
The empowerment of the ownership of any security policy by those most affected will increase adherence and address the risk that the policy is designed to mitigate.
The exercise of the what of the policy follows with understanding, if not enthusiasm.
Ideally, security professionals will use this three-step process of discussion, creation and messaging.
Each step reflects a consideration of geographical, cultural and generational diversity, but also positions the arrival of policy in a manner designed to assure resonance and understanding, as well as applicability.