I was forwarded this great article about mobile security, and given the increasing consumerization of IT, “The 10 Steps CIOs Can Take to Bolster Mobile Security” are right on!
At Intel IT, our CISO, Malcolm Harkins, discusses how important it is to empower employees to own responsibility for protecting enterprise and personal information; he refers to this as ‘people as the perimeter’. This approach includes:
- BALANCE: The balance of data risks with business initiatives.
- TRAINING: Plan for the diversity of individual employees and job requirements.
- AWARENESS: Consistent and helpful internal communications on the importance of protecting information, including personal connections like preventing identity theft, keeping children safe online, etc.
- BUSINESS PROCESS: Pilot solutions that target specific security risk areas and, when mature, embed them into existing business processes.
- INCENTIVES: Recognize groups that complete privacy and security training requirements early and broadly communicate within the company for training promotion.
- LEADERSHIP: Messages from other executives and leaders to ensure the dissemination at all levels within the company.
- TEAM DEVELOPMENT: An efficient security team that deals with risk analysis and mitigation, policy, and availability of information, and knows how to train employees beyond just one skill set.
I am very interested in hearing from other security professionals about your approach to the consumerization of IT with regard to your security programs.