This article on security policies is the first in a three-part series on information security.
- By Rutrell Yasin
- Sep 25, 2006
Editor’s note: This is the first article in a three-part series on security policies. The next
article will provide information about training employees, and the last article will focus on the
latest technologies for ensuring security compliance.
Last year, hurricanes battered the country. This past summer, reports of stolen laptop computers and data security breaches at government agencies kept our heads spinning.
Lawmakers, government officials and citizens expressed alarm about security lapses and network intrusions that potentially compromised millions of people’s personal information at agencies such as the Department of Veterans Affairs, the Energy Department and the Navy.
The theft of a VA employee’s laptop that contained the personal information of 26 million veterans was a rude wake-up call. Feds realized that they needed to implement stricter guidelines and enforcement systems to minimize the amount of data that leaves their offices. In this age of mobile computing and telework programs, agencies must create security policies that stipulate what information employees can download to portable devices. The policies must also indicate what data users need to encrypt.
Protecting data is more than a policy decision. Agencies must train employees to become more security savvy, and in some respects, they must change the culture of their organizations. And, of course, agencies must implement the right technology to protect data in and outside their organizations.
With that in mind, we begin a three-part security series that looks at how agencies are adapting their policies after a wave of security breaches.
Next week, we will explore how agencies are training their information security employees to stay abreast of the latest cyberthreats and helping the rest of their workers increase their security awareness. Finally, we’ll take a look at the latest technologies that agencies can deploy to make sure employees comply with security policies and protect organizations from insider threats. We will also focus on new technologies that agencies can use to secure mobile data.
We hope that by the end of the series, you’ll have a better understanding of the security policies, training and tools that can help you prevent data leakage.