CIOs can reduce, and possibly eliminate, an organization's risk from these errors by creating and implementing a comprehensive set of IT security policies aimed at user behavior. These policies, along with efforts to educate users about how to eliminate security weaknesses, can thwart future vulnerabilities and boost awareness about security issues throughout the enterprise.
Defining IT security policies and making them operational is no light task, according to TechRepublic members. A good security policy must address both end users and administrators. On the user side, policies should address how staff are allowed to use computer equipment and applications, according to TechRepublic member William Graham, president of G&G Computing consultancy in Fort Campbell, KY. Graham recommends that end-user policies include the following:
The link for this article located at ZDNet is no longer available.