Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 8: Information security awarenes... > Designing an effective information s... - Pg. 219

198 CHAPTER 8 Information security awareness training Another reason companies do not implement an information security awareness program is that management may have the impression that employees are ade- quately reviewed and vetted during the hiring process. The prevailing thinking is, "We have good people. They have a vested interest in the company. They are loyal, honest, and law-abiding citizens of the enterprise. So why do we need to train them in safeguarding sensitive information properly?" Sounds a little stu- pid, I know, but, employees are also human, and humans make mistakes. Never assume that new employees understand how to safeguard sensitive information properly. It is the unintentional mishaps due to a lack of knowledge that present the threat. A solid Information Security Awareness Program assures all employees, new hires, and existing employees clearly understand and exhibit the right behav- iors to protect customer, employee, business, and company sensitive information. These information assets, when in the wrong hands, generate a significant risk to the company. Thus, a good Information Security Awareness Program is not only a risk avoidance program but also a significant countermeasure to low tech hacking activity that every company faces today from inside and outside the company's walls.