A common information security issue is how to engage top level/cheif operating level members in good security practices to protect company data. In many cases, this is an issue because executives do not see information security as relevant to their role. This - and other misconceptions about information security - can be a huge hurdle to jump for information security practitioners.
Executive Level Training
- Establish a relationship with administrative office heads and other senior-level staff, and introduce your ideas for outreach to the staff community. Information security is everyone’s responsibility, not just campus IT/information security.
- Data breaches can financially impact possibly resulting in the loss of donations.
- Top level exectives and senior staff can reduce this risk by preventing loss of data and not waiting until a mistake occurs to learn prevention techniques.
- Protecting data is a collaborative effort all departments; including corporatel level, Board members and access control with stake holders.
- Convene a steering committee, cybersecurity awareness committee, or working group consisting of a diverse group of staff (including representatives from your IT/information security department) to discuss the best approach to use for this outreach, common issues regarding information security in the staff space, and elements that could become a barrier between you and the staff during outreach. Work with the group to identify a limited number of information security topics to focus on each year..
- Federal laws such as HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), GLBA (Gramm-Leach-Bliley Act), and the HITECH (Health Information Technology for Economic and Clinical Health) Act all have requirements regarding the protection of specific categories of data.
- Obtain buy-in from the administration leadership and senior managers and work with those individuals to issue a message to staff confirming the institution's commitment to protecting its data.