Wednesday, February 2, 2011

Carrots and Sticks (for Privacy/Compliance/InfoSec)

I just read a blog post (linked below) that suggests that organizations and their CPOs, CCOs, CISOs and ISOs use carrots (rather than the usual sticks) to entice employees and others to embrace privacy, compliance and InfoSec.

However, I have found that carrots work for training and awareness on an individual basis. In my (humble) opinion, the best way to have individuals follow best practices, policies, processes and procedures is to provide carrots to functions, departments and business units.

Why, you ask?

Well, such a strategy builds esprit de corps, and to run such a competition one must have security metrics defined via an Enterprise Security Architecture (ESA)! Last but not least, to measure and analyze the results one must have a privacy/compliance/InfoSec dashboard and/or balanced scorecard.

So, a savvy CPO/CCO/CISO/ISO can leverage these methods for much more than getting the organization to read and follow best practices.

Blog:
http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1526876,00.html?track=NL-430&ad=811361&asrc=EM_NLT_13246141&uid=8266525

Now the genesis for all of this is a report (linked below) from the Ponemon Institute stating that organizations that embrace compliance have a lower cost associated with a data breach than those that ignore compliance altogether.

Ponemon Report:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1526917,00.html?track=NL-430&ad=811361&asrc=EM_NLT_13246143&uid=8266525
