Tips for crafting a great workplace IT security awareness program

Topics that hit home, such as identity theft and monitoring kids’ online activities, can engage employees on the topic of IT security

By Bob Brown, Network World, March 24, 2010 05:36 PM ET

Selling information security awareness to employees can be like “pushing the Queen Mary up Mt. Everest on the best of days,” says Jay Carter, director of information security for the faculty of arts and sciences at Harvard University. But that hasn’t stopped him from trying over the years, and he has success stories to share.

He did so at the SecureWorld Boston conference Wednesday, alongside co-panelist Michael Ste. Marie, information security analyst for Federal Home Loan Bank of Boston.

Carter says he has established an advisory council with faculty and staff at Harvard to ensure end users’ concerns are addressed in establishing security policies. “I can’t overstate the importance of establishing a two-way dialogue with your community,” he says.

Carter schedules regular meetings to update end users on security .policy issues and to re-emphasize major points. He has also printed up Information Security 101 brochures featuring a custom logo featuring Harvard’s emblem secured with a lock and key, which he says is part of a consistent branding effort.


Comments are closed.