The Information Security Policy Must Be Marketed To Employees

Don't assume people will read the security policy!

Just because the policy is posted, does not mean everyone will read it.

Listen to the Audiocast:

Policy, like any other communication, must be marketed.  It is the role of the security professional to show the end-users the value and how it helps them.   Make it personal.

References: SANS.org blog: How to Suck at Information Security

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.