A Holistic Approach For Security Encompasses Technology, Process And People

1629 Words7 Pages
##Staff Awareness & Communications## While a holistic approach to security encompasses technology, process and people - the main focus of this chapter is on *“the people”*- this is the area of greatest impact. One can have the best technology and practices in place, however, if they are not used or followed appropriately, then other efforts will fall short of safeguarding an organization against security threats. In most small-to-mid sized organizations, the system administrator is the first level contact for end-users for computer & network support. In addition to monitoring the network & data security, System Administrators should assume the responsibility of educating their end-users on security best practices. After all, end-users…show more content…
Refer to Chapter 2 on recommended tech policies. **3.2 Identifying ‘privileged’ users** Your organization’s Risk Assessment (Refer to Chapter 1) will identify users within the organization who need access to sensitive data. This will help you short-list the ‘privileged’ users in your organizations. They could include your organization’s executives, accounting staff, human resources staff, individuals working on high-stake projects such as business plans, financial forecasts, project strategies, donor & partner relationships or in a media organization, this could include the new reporters & editors. Their common trait, from an organizational security perspective, is that they all have more access to sensitive organizational data, making them easier targets for cyber threats as compared to other non-privileged users. Since each user’s workflow & style differs, its imperative to create an individual security plan for them. (Refer to Chapter 7 for best practices related to the *“principle of least privilege”*) These plans should receive their buy-in and address specific data access, storage, sharing and communication tools and protocols. Also, since scenarios keep changing, the security plan should address a

More about A Holistic Approach For Security Encompasses Technology, Process And People

Open Document