The social approaches to enforcing information security

Business security is becoming more strategically important everyday for sustainability, economic growth and future health. This report's focus is on enforcing information security using social approaches in the business environment. Most businesses have, or should have policies in place for various standards, procedures and guidelines. Although policy is a great tool to have in a business, a policy is only as good as its compliance from management and staff. This paper will focus on ways to improve policy compliance using a social approach in the business hierarchy from employees to the CEO of a company. Many companies focus a great deal of time and money on new technologies for example, physical and logical barriers such as IDS systems, security guards and data protection mechanisms. Although these methods work very well, intruders of your systems will always find ways around these technologies using other methods of attacks such as social engineering or internal threats. In fact, numerous studies show that at least 65 percent of all company threats are internal. The best approach to tackle this type of attack is to be close with employees and management utilizing more social approaches as opposed to technology focuses to achieve policy enforcement.