Main Objective: “to ensure employees and contractors are aware of and fulfil their information security responsibilities.” Technology (and the potential for breaches) has entered every facet of business today. It’s not enough to rely on your IT department to make sure staff are educated about data loss and how to prevent it.
The initial responsibility lies with the organization’s existing management. Management should make sure that contractors and employees are properly briefed on their security roles and responsibilities, and should give them guidelines on what to do in case of emergency.
Training should be provided on a regular basis to all employees based on the areas where employee expertise is lacking. Training is particularly important for IS professionals, given the rapid rate of change of technology and products. Training not only assures more effective and efficient use of IS resources but also strengthens employee morale.
Employees need to know what the security protocols are, how to develop and use strong passwords, and what to do if they suspect trouble or have misplaced a device that they also use for business.
Human Resources professionals are responsible for ensuring that employees comply with security policies that are designed to protect your firm, your clients and your workforce. During employment, all staff members have a duty of care towards their organization’s information assets.
Employees with access to sensitive information in an organization should receive periodic reminders of their responsibilities, along with ongoing, updated security awareness training, so that they understand current threats and the security practices that mitigate them.
Appropriate roles and responsibilities assigned to each job description need to be defined and documented in alignment with the organization’s security policy.