External stakeholders pose risk, but internal stakeholders can pose more risk. Focus on areas such as access and privacy controls and instill security policy and compliance from the inside out. Guard with targeted precision, and your protection will be stronger.
5. Security should be made as simple as possible, but not any simpler. Einstein said, "Things should be made as simple as possible, but not any simpler." Security should be as simple and user friendly as possible, but still adequate to meet the needs of the organization.
Easy-to-execute security training and qualification is necessary to ensure compliance and improve security. Remember, most of the time employees will choose to address the pressures of their job over the drudgery of reading a security policy. Thus, the quality of the training is essential. Some leading organizations are using game technology for security training to help engage their staff members with security policies and practices.
Similarly, security product and service firms are focusing on effective interfaces and performance levels in their designs. Select the best systems and services to enable your company's policies. In some cases, it is actually as easy to be secure as it is to send a file. It costs one click.
Sign up for CIO Asia eNewsletters.