Security Awareness Materials Promote Incident Management Best Practice

This month's security awareness kit promotes a best practice incident management process. By explaining the process in plain language, the creative briefings and other presentation materials motivate staff, managers and technologists to lend their support and get involved.

Information security breaches continue to impact all organizations despite the sterling efforts of IT professionals to improve information security. The best practice incident management process promoted in NoticeBored’s information security awareness kit for October therefore incorporates a learning loop for continuous improvement.

Through a coherent suite of security awareness materials, October’s NoticeBored kit presents advice on how to recognize, report, investigate, resolve and finally learn the lessons from security incidents.

Plain-speaking presentation slides, leaflets, posters, screensavers, a case study and desk-drop leaflets in the kit outline the concepts and motivate employees to play their part. “Call the Help Desk promptly to report incidents” is one simple take-home message for end-users, along with “Don’t panic!” ... written in large friendly letters.

IT workers are advised to “Leave IT forensics to the experts”. A technical white paper explains that legal action against those who deliberately breach security controls depends on obtaining reliable IT forensic evidence and maintaining the chain of custody. Even something as innocuous as browsing system logs may taint the evidence and prevent its use in court.

Managers and directors are addressed through succinct management briefing papers and a sample policy on incident management is included in the kit. A mind map diagram gives an overview of the entire process.

The monthly topic-based awareness materials complement NoticeBored’s intranet system for managing information security policies, standards and guidelines. To find out more about NoticeBored’s innovative approach to information security awareness, visit http://www.NoticeBored.com.

About IsecT Ltd.

IsecT (“Putting security into IT”) is an independent British consultancy specializing in IT governance, information security, IT risk management and computer audit. Please visit http://www.isect.com for more information.

# # #

Contact Author

Gary Hinson