Six methodologies for the construction of network security culture

Posted by Lutz Nissen on February 8th, 2021

Given today's severe network security situation, I believe most enterprises and institutions need no further convincing of the importance of network security, yet the construction of a network security culture remains seriously lacking. According to the 2018 network security culture report from the ISACA Research Institute, 95% of global respondents believe there is a huge gap between their current network security culture and the expected final state. Resource investment in network security must give priority to the systematic construction of a network security culture. At the same time, an annual network security culture assessment must be established in order to improve staff awareness. In this article, we interpret the 2018 report on network security culture. Quan Dang will offer some valuable tips to the relevant people.

For a business, every member of staff may be the core of strategic management of the network security situation. Nevertheless, much of the construction of network security defense systems is still based on the old-fashioned war model, whose core idea is to secure all borders and resist the enemy. Security experts at the ISACA Institute point out that this original concept is already vulnerable in the face of rapidly changing forms and means of cyber crime; the traditional "great wall" of network security is full of holes. Analysts from the World Economic Forum say coordinated team efforts are necessary to respond successfully to the surge in cyber attacks. In a business environment, high-performing teams are characterized by open communication, trust, cooperation and a clear division of responsibilities. The same holds true for network security. Enterprises can take positive action from top to bottom. The effect of our attitude and persistent action is greater than that achieved at the national level through technical attack or police intervention.

But not every organization and enterprise can establish such a work culture, in which security awareness and behavior are seamlessly built into everyone's daily work. It is against this background that the ISACA Institute conducted a global survey of network security culture, looking for the cultural characteristics and techniques of businesses that can do so, and at how they manage and maintain digital assets, networks, intellectual property rights and employee behavior. In the digital transformation of enterprises, employees' daily operations of data acquisition, supply and processing constitute part of an organization's "network culture". To examine an enterprise's network security culture, we need to study in depth factors such as personal beliefs, stereotypes and habits, which can provide an information basis for analyzing the security-related behavior of the whole enterprise. In addition to security measures associated with information technology, these data can also reflect an organization's risk framework.

Research suggests that an effective network security culture requires employees to have the following traits: clearly understand what needs to be done to ensure terminal security; be able to take part in routine security training; actively adopt the operating techniques and habits specified in network security projects. If all employees have the above traits, the enterprise gains the following benefits: it can see potential risk points; it reduces the occurrence of network security incidents; it can quickly resume business after a network attack; its ability to develop new business is greatly enhanced; and customers' trust in its brand rises.

According to the data obtained in this survey, only 5% of respondents think that their current network security culture meets expectations. In other words, as many as 95% of respondents believe that employees do not have, or have only a few of, the above characteristics. There is a serious gap between the reality and the ideal state of network security culture, and side effects have been seen in enterprise operation, brand loyalty and competing for advantage. Although the interviewees are more or less aware of this gap, they do not know what to do about it. The most critical problem is the lack of a cohesive management plan and a starting point for all staff. The 2018 network security culture report offers an operational roadmap for enterprises with weak network security management and transformation capabilities, built from common features drawn from successful enterprises.

Almost 90% of the 4815 respondents who participated in the worldwide study believe that establishing a stronger network security culture can enhance the business development ability and viability of enterprises: network security is no longer just the responsibility of a cost center, but a driving force of an enterprise's business. In an enterprise, a virtuous circle can form when employees clearly understand their roles and responsibilities. When network attacks occur, enterprises can respond flexibly and speed up business recovery through dynamic defense. A clear architecture can enhance interaction and understanding between departments and achieve comprehensive coordination of the network security program; when laws and regulations change, compliance is fast, and when new technologies are launched, new strategies can be implemented faster.

In organizations that have not yet established a strong network security culture, the lack of a clear management plan or key performance indicators is a common feature. Employees do not think that maintaining network security has much to do with their own interests, which makes enterprises more likely to be exposed to risks such as data leakage, loss of online business services, decline in customer loyalty and regulatory penalties. The business has to establish KPIs to provide a benchmark and a means for tracking and improving behavior, and formulate policies according to the KPIs to turn risk awareness into employees' daily behavior and build a conscious security culture. Only 58% of respondents said that they had a thorough network security culture management plan and policy. Most of them thought it was the responsibility of the CISO (60%) or CIO (47%). Only 6% of respondents invited the recruiting department to take part in order to comprehensively promote implementation of the plan.

Successful communication is usually two-way, often starting with listening to employees. About 46% of businesses took measures in the past year to gauge employees' views or understanding of the organization's cyber security culture or guidelines. Experts say that employees' assumptions or impressions about cyber security are essential to forming an understanding of personal responsibility. Establishing a cross-team core network security culture team can engage everyone's participation:

1. Senior management adds cyber security to the standing agenda of the board of directors to ensure there are always adequate resources to guide the program and to resolve conflicts when security issues and business objectives are inconsistent.
2. The information security education business department studies and promotes the most effective security processes.
3. The IT department is responsible for maintaining the infrastructure, deploying the latest technology, and collecting network security analysis data.
4. The HR department uses training, seminars and other formats to establish staff's understanding of their responsibilities, security processes and operating specifications.
5. The legal department provides quick feedback on international and national laws and regulations to promote compliance testing of behavior standards up and down the business.
6. The marketing / internal coordination department provides skills support to educate employees and promote the implementation of policies through internal channels, e-mails, prompt lists, posters, webinars and the company's internal network.

The cross-departmental network security team can quickly promote network security pilot plans and training, help share information, and analyze and adjust future plans.

The successful construction of a network security culture within the enterprise is inseparable from the support of all employees and management. According to the ISACA Research Institute, a key practice adopted by not quite half of the successful businesses is to measure and evaluate employees' opinions each year. The results show that there is still a lot of room for enterprises to improve in this respect: 34% of respondents think that their staff clearly understand their role in implementing the network security culture required by the business; 47% of respondents said that their employees only "have a little" knowledge of it; 19% of respondents thought that their employees had no concept of it or did not understand it at all.

Ross, a network security expert, put forward some suggestions on communication mechanisms:

1. Add security protocol content to the new employee induction process.
2. Provide additional training for employees every quarter after deploying new hardware or upgrading software.
3. Tailor security training to personal knowledge, technical difficulty or departmental risk. For example, what the finance department should do when handling personal data.
4. Promote security training through group activities and individual guidance.
5. Choose inspectors who actively ask questions and provide feedback.
6. Choose news about network attacks to discuss the current network security situation.
7. Establish contact points and conduct simulation exercises so that employees understand the methods and skills used in actual network attacks.

Business objectives and corresponding benchmarks are crucial elements of any strategic plan. For cybersecurity culture programs, businesses must consider documenting employees' behavior, compliance, and attitudes toward participating in cybersecurity risk prevention to develop a benchmark, and then work to improve on it. According to the survey results, nearly one-third of enterprises have set goals or KPIs but have never set benchmarks for employees' understanding of network security culture. Through benchmarking, companies can also measure whether employees follow the rules or actively report suspicious e-mails, behaviors or events in their daily operations. This information can serve as a reference and starting point for relevant training or targeted interventions.

Network security expert Grindstaff suggests that network security rules should be incorporated into the process by which employees request equipment and update software. The network security team can promote the network security culture with follow-up e-mails, for example when employees do the following:

1. Update a password or use a new encryption method.
2. Carry or need to use personal devices at work, such as laptops, tablets, mobile phones and USB drives.
3. Begin new job responsibilities involving sharing, storing, downloading or transferring data.
4. Log on to V * * or an unknown network.

The forms of cyber crime are changing rapidly because of changes in social lifestyle. For example, employees who like to disclose personal information on social media or use unsafe devices (BYOD) are often used as the entry point for network attacks, to install unauthorized software through their channels, or to provide new avenues for certificate theft. The enterprise network security team must focus on cultivating staff awareness. According to the survey, nearly 40% of businesses have strengthened training on risk awareness, privacy policy and data protection. Nevertheless, half of the companies are still exposed to potential risk from online community or social networking interaction.

In fact, the above training is far from enough. For instance, 83% of the staff training programs in the survey results are online (computer-based training) rather than delivered through practice or face-to-face training. It is beneficial to use some passive restraint systems, for instance manually prompting employees to update their passwords, embedding compliance requirements into workflows, or forcing system update cycles so that protection comes through software and technology.

Some of the organizations interviewed did better. They actively run pilot programs tailored to the specific processes or data access needs of different departments. In addition, when employees receive phishing emails or attachments that may contain malicious code, the security team can monitor and intervene in a timely manner through an active immune system. For instance, employees can play different roles to show how cybercrime occurs and how to prevent it, and establish common goals and community awareness. Personalized training seminars include Q&A and other interactive elements, and can motivate employees who show enhanced security awareness with exclusive T-shirts, hats or gift certificates.

Network security threats bring visible financial, operational, legal and market risks to enterprises. It is the responsibility of the board to manage any threat, whether technical or otherwise. Among the businesses that recognize the significant gap between the actual state and the ideal goal of network security culture, one third of respondents think that lack of executive support is the main stumbling block. Obstacles to fully integrating cyber security culture into the internal environment include insufficient funds, conflicting organizational goals, and the impact of employee / team style and cultural or geographical segmentation. These interviewees have experienced business problems and competitive disadvantages such as data leakage, legal / regulatory penalties, decreased brand trust, lower employee engagement and a high customer churn rate.

Companies that successfully build a network security culture have senior-level promotion in common: senior managers setting an example, strengthening their own code of conduct, personally leading the network security team, taking part in network security discussion activities, giving priority to budget support, hiring consultants, conducting research to assess enterprise risks and capabilities, and so on. To gain this support, experts suggest that the CISO and CIO present their understanding of and concerns about network security issues through eye-catching business cases. They should explain how security problems will affect corporate assets, new product development, online strategy, and corporate mission.
