The Internet today spans a great many computer networks, which puts the issue of network security in the foreground. Diverse approaches are considered in this sphere, especially where computer security concerns methods of accessing information without physical access to the computer.
Recently, computer security has focused on advanced technologies to protect information from unauthorized access. But according to research on this subject, information security professionals state that these methods help to avoid only some computer risks. The human factor is of vital importance here. People are the participants in information exchange, and they have direct access to a company's information resources.
According to Ken M. Shaurette (2004), the engagement manager in the Computer Security of American Security Partners and MERIST, “Information security is not just about technological controls. Security cannot be achieved solely through the application of software or hardware. Any attempt to implement technology controls without considering the cultural and social attitudes of the corporation is a formula for disaster.” Therefore, some significant issues should be considered before the right approaches are devised.
The personnel responsible for training employees do not meet the necessary requirements, particularly with regard to competency. This issue is closely related to corporate governance that does not provide for the right approach.
Managers are not used to paying much attention to this issue because they see no direct connection between information security and the success of the company in general. Corporate governance does not recognize the value of information security and its direct effect on the company's reputation.
Outdated approaches are treated as the only way to keep information safe. But the development of computer systems never stops, so new methods should be implemented immediately.
As stated above, computer security depends heavily on the human factor. Obviously, neither the director nor the employee can ignore this point, and efficient management of training methods turns out to be one of the most important ways to address it.
So the question is who is empowered to teach the audience. For a company, this question becomes very relevant. The Global Corporate IT Security Risks 2013 study reported an interesting fact: most companies involve specialists from the internal IT department in training (“Global Corporate”, 2013). This seems to be a well-thought-out decision, but it looks sound from only one point of view, because efficient management argues against it. This department has many duties of its own, so the additional tasks may affect both the productivity of the whole department and the quality of training; thus it is not considered the best way.
The way out is to involve an external IT consultant who is competent in IT security. This specialist provides not only appropriate teaching but also a preliminary investigation of the company. Only 11% of companies follow this strategy, and they operate in Eastern Europe. But the importance of this so-called education is acknowledged by most prominent companies. Employee awareness is the major factor in achieving security.
The direct role of the director in preparing the training is considered very important because it minimizes the risk of information loss. Consequently, the management of personnel education addresses the different levels of subordination in the company. The specialist has to communicate with the department managers before the training begins. This step gives a better understanding of the nuances and peculiarities of the work, so the approach will be fully efficient. However, the sheer variety of this information may overwhelm the employees; the necessary minimum is quite enough to fulfil the security policy.
Access control lists are the network administrator's main tool. With these lists the administrator can grant network access to authorized clients and at the same time deny access to unauthorized clients. Passwords certainly matter for network security, but they lack flexibility in data filtering. Employees have to recognize internet access as a serious network threat. Depending on the department, this access may be restricted partly or completely. This also applies to the various software that has internet access. A similar situation occurs with social networks, which are a direct threat to the computer. A clear understanding of these notions is essential.
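A first-match access control list that restricts internet access per department, partly or completely, as described above. This is an added example, not part of the original essay; the department subnets, the port and the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str                         # source network in CIDR form
    dst_port: Optional[int] = None   # None matches any destination port

# Constructed department subnets (assumptions, not from the essay).
ENGINEERING = "10.0.10.0/24"   # full internet access
ACCOUNTING = "10.0.20.0/24"    # partly restricted: HTTPS only
WAREHOUSE = "10.0.30.0/24"     # completely restricted

# Rules are checked top to bottom; the first match decides.
OUTBOUND_ACL = [
    Rule("deny", WAREHOUSE),
    Rule("permit", ACCOUNTING, 443),
    Rule("deny", ACCOUNTING),
    Rule("permit", ENGINEERING),
]

def evaluate(acl, src_ip, dst_port):
    """Return (action, rule_index); rule_index is None for the implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(acl):
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, index
    return "deny", None   # clients matching no rule are unauthorized

def shadowed_rules(acl):
    """Indexes of rules that never match because an earlier, broader rule covers them."""
    shadowed = []
    for i, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.src)
        for earlier in acl[:i]:
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if covers_net and covers_port:
                shadowed.append(i)
                break
    return shadowed
```

Running `shadowed_rules` over a rule set before deploying it catches the ordering mistake in which a broad deny placed first silently cancels a later, narrower permit.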
Software services need detailed consideration because they may be monitored by a third party. Thus, the audience has to understand the risks of using the following software services and the best ways to minimize them. First of all, the Google search engine, used on many computers, poses a threat of losing valuable information because this service tracks and targets its users. Where possible, such search engines may be successfully replaced by services such as DuckDuckGo and Startpage. These search engines have the relevant encryption.
It is worth pointing out that social networks are useful instruments, especially as people are used to sending different kinds of files. But Facebook and Vk.com turn out not to be secure tools for this. A significant alternative is RetroShare, which has the same functionality as the networks mentioned; its main peculiarity is that it uses GPG encryption and secure tunnels that minimize the risk of losing information. This technology is based on public key exchange.
Of course, there is particular Internet software that employees have become accustomed to using. Skype should be noted among it. This service is not completely secure, so the company may adopt Linphone instead. This service uses ZRTP encryption. For chatting, people may use XMPP.
The next important point is to explain the main rules of using e-mail. Employees are supposed to understand the risk of this service if it runs on the server. You should strongly recommend open source encryption tools. People could use GnuPG.
Web surfing is undeniably an integral part of employees' duties, but the director together with the expert may replace some of the software with more suitable alternatives. The best platform for web surfing is Mozilla Firefox because it provides many privacy settings for the user. Anonymity plays a vital role, and AdBlock Edge is a good solution for it.
Thus, the target audience is expected to understand the importance of the Internet and Internet-based software in network security. As for the directors, they may adopt OpenVPN if it is necessary for the company. According to Knipp (2002), this network provides secure access to the Internet through a secure channel.
The actions mentioned are to be established in accordance with the security policy of the particular company. Employees should know this set of established rules and understand how their actions are covered in this document. The expert has to explain the main role of the security policy in efficient network security. Each business ought to have a written (and carefully prepared) network security plan in place (“Network Security,” n.d.). Besides, particular attacks such as DoS and worms are a vital part of this education as well.
As for the right way to educate, the expert leads these so-called lessons in an unobtrusive way, especially when there is a friendly atmosphere. The knowledge has to be divided into small portions, each lasting 30-60 minutes on average. Another important element is coffee breaks, because they help people absorb the material. It is better to set aside several days per week for this education. Generally speaking, 30 minutes per day is quite enough. The total duration is 1-2 weeks. It is not desirable to give a lot of material at once, because people are most attentive for only 20 minutes. The schedule should be established by all employees. If new workers take part, the expert may combine some topics for them, such as briefings on occupational safety; this aims to improve management efficiency. This education also covers the introduction of secure software. As the network security specialist, you have to announce the administrative measures that forbid certain employee activities in order to prevent information loss. Leaders together with the expert are supposed to check employees' knowledge from time to time by giving them a short test.
Another way of looking at this question is untraditional tools. They do not focus on knowledge acquisition, because they aim at an understanding of the importance of security on the emotional and subconscious level. The expert has to use some of these approaches because they combine with the main education. Screen savers are significant examples of these tools; they lock the screen when the employee leaves the workplace. These screens present different information security topics that make an emotional impression on other employees. Movies and videos have the value of visual presentation; they are strongly recommended for absorbing information. These materials may be used in trainings as well. Thus, the approach forms a positive attitude to network security in the company. For instance, through these resources the manager may announce new threats to the company and the right actions for employees. Besides, the director is fully responsible for news. Leaders have to deliver news relevant to the company. News must be understandable, interesting and easy for everyone to take in. From time to time the company buys office supplies. Managers may extend their basic function by printing security phrases on them, because employees use these things all day long, and this helps them keep security in mind.
Nowadays many different methods are used to increase people's awareness of security issues. The best way is to use a combination of them. The arguments presented above suggest that the human factor turns out to be the major key to achieving network security. Therefore, competent management of education holds first priority, but first of all it is necessary to choose the most appropriate specialist to educate the audience. This person should be a network security expert from outside the company, in spite of the company's habit of involving its own IT department. The next main point is the right approach to education methods, which involves investigation of the company and short, efficient lessons. Alongside preparing the training plan and the preliminary research of the company, the expert is expected to use the indirect methods mentioned. Thus, a training plan is a complex concept that requires significant preparation.
References
Information Security Management Handbook, Fifth Edition. (n.d.). Retrieved April 28, 2015, from http://www.academia.edu/4903473/Information_Security_Management_Handbook_Fifth_Edition
Knipp, E. (2002). Managing Cisco network security (2nd ed.). Rockland, MA: Syngress.
(n.d.). Retrieved April 28, 2015, from http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf
Network Security Checklist. (n.d.). Retrieved April 28, 2015, from http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/network_security_checklist/index.html