1.3. Task 1.3: Establishing a User-Awareness Program

Policies are not enough to protect an organization. Employees must develop user-awareness programs so that other employees know about specific policies and are trained to carry out actions specified in security policies. The overall process to accomplish this task is usually referred to as security education, training, and awareness (SETA).

Take, for example, a policy dictating that employees should access the Internet for business use only. Management can dictate this as a policy, but how are end users going to know? That's where employee awareness comes in. Employee awareness could include asking employees to sign an acceptable-use statement when they are hired; it might also include periodic ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.