
Implication of employees in security policies definition

EasyChair Preprint 1544

5 pages. Date: September 22, 2019

Abstract

One way to raise awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies but to take employees' comments into account when it is possible and applicable. Employees then accept the application of policies more easily because they have “participated”. The policies should then be presented to employees during interactive sessions with real cases of security breaches, figures, and statistics to illustrate the risks. The benefit of these presentations is to show employees that the risks are not only theoretical and can really happen.

The purpose of this document is to provide guidance on how to create more cybersecurity awareness, a topic handled by the CyberEDU in February 2019. This paper presents the involvement of employees across the life cycle of the security policies based on the PDCA (Plan-Do-Check-Act) model. The document addresses the definition of the Information Security Policy (ISP) as well as topic-specific policies and the involvement of the Top Management and employees.

Keyphrases: Implication of employees, Interactive Awareness, Policy Maker, security awareness

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:1544,
  author    = {Myriam Djerouni},
  title     = {Implication of employees in security policies definition},
  howpublished = {EasyChair Preprint 1544},
  year      = {EasyChair, 2019}}