Download PDFOpen PDF in browserImplication of employees in security policies definitionEasyChair Preprint no. 15445 pages•Date: September 22, 2019AbstractA way of awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies but to consider when it is possible and applicable their comments. In this case, employees accept more easily the application of policies as they have “participated”. Then, the policies should be present to employees during interactive sessions with real cases of security breach, figures, and statistics to illustrate the risks. The benefits of these presentations are to show to employees that risks are not only theoretical and it can really happen. The purpose of this document is to provide guidance on how to create more cybersecurity awareness, topic handled by the CyberEDU in February 2019. This paper presents the implication of employees across the life cycle of the security policies based on the PDCA (Plan-Do-Check-Act) model. The document will addresses the definition of Information Security Policy (ISP) as well as topic-specific policies and the involvement of the Top Management and employees. Keyphrases: Implication of employees, Interactive Awareness, Policy Maker, security awareness
|
