next up previous
Next: 3.1.10 User-level security policy Up: 3.1 Local Network: Security Previous: 3.1.8 Personnel security

3.1.9 Training

Most information resource security problems involve people. Problems can usually be identified in their earliest stages by people who are attuned to the importance of information protection issues. A strong training program will yield large benefits in prevention and early detection of problems and losses. To be most effective, training should be tailored to the particular audience being addressed.

Most employees want to do the right thing, if company expectations are clearly communicated. Internal policies can be enforced only if staff have been made aware of their individual responsibilities. All personnel who access company computer systems should be aware of their responsibilities under company policy, as well as obligations under the law. Disciplinary actions and legal penalties should be communicated.



Denis Arnaud
12/19/1997