Address the weakest point of your security strategy by educating your people and ensuring compliance with standards and regulatory requirements

According to several governmental and industry reports, internal human error is responsible for most information security incidents in most organizations. Not only does it make good business sense to implement a security awareness and security training program in view of such data, but also, judicial sentencing practices in the US, as well as several Canadian laws and regulations and industry standards require such a program. Are you ready to answer some of the questions these questions?

• How frequently and how well does your organization communicate its policies to staff?
• Are personnel being effectively trained and aware?
• What methods / channels do you use for such communications? How do you evaluate its efficiency and benefits?
• Does the training cover ethical work practices, code of business conduct, the value of business data and security risks?
• Is management getting the same educational messages as the staff, or customized content?

The following U.S. and Canadian laws and regulations could ask you the above and additional questions regarding how you handle the human component and your security posture:

• Health Insurance Portability and Accountability Act (HIPAA)
• 21 CFR Part 11 (Electronic Records/Electronic Signatures)
• VISA Payment Card Industry Data Security Standard (PCI DSS)
• Bank Protection Act
• Computer Security Act                                                                       
• Computer Fraud and Abuse Act (CFAA)
• Privacy Act
• Freedom of Information Act (FOIA)
• Federal Information Security Management Act (FISMA)
• Appendix III to OMB Circular No. A-130
• Digital Millennium Copyright Act (DMCA)
• Gramm-Leach-Bliley Act (GLBA)
• Department of Transportation DOT HM-232
• Sarbanes-Oxley Act of 2002 (SOX)
• The Organization for Economic Cooperation and Development (OECD) Security and Privacy Principles
• The European Union Data Protection Directive
• Personal Information Protection and Electronic Documents Act (PIPEDA)

In addition, the following industry standards call for security awareness and security training:

• Control Objectives for Information and Related Technology (COBIT)
• International Standards Organization (ISO/IEC)
• Information Security Forum

TELUS can help you develop and implement a Security Awareness Program tailored to your specific needs and situation.