Security Awareness Starts in IT

This practical defines the current state of business operations, security design function, introduction policy development, security awareness, and communicates our new found knowledge to the IT security design team. In the LevelOne SANS Security Essentials text, Stephen Northcutt states, 'I have never ceased to be amazed by the fact that you can't take a class in information security without being told to do this or the other thing in accordance with 'your security policy'. But nobody ever explains what policy is or how to write or evaluate it'. As an industry we still are not in agreement with what effective security policy is all about. And how should it be communicated? This is one individual's attempt to provide some insight into the initial steps of delivering the security awareness message to the business starting with the IT security design function. Security awareness communications start at home 'IT to IT'. Before we deliver the 'security message' to our business users we must ensure that security management security administration and security design teams are totally aligned with our overall security policy strategy. We must understand our working frameworks roles we fulfill what 'IT security policy' is all about and its impact on the organization.