To know what is happening in security, it is necessary to be aware of threats as they occur in similar information systems. Todays threats are numerous, escalating rapidly, often complex, and increasingly dangerous. Serious terrorist attacks, accidents, mistakes, vandalism, hacker exploits, and spying are even more frequent.

Threats must be avoided because the consequences are potentially devastating. Businesses are increasingly likely targets for attacks that are escalating, as information infrastructure become increasingly complex, and fragile, and therefore more vulnerable.

Senior management must be well briefed as to security risks, opportunities for improvement, and ways to add value.

Continuing awareness regarding improved security tools and new approaches as they emerge will permit better protection, generally at lower costs than catch-up changes.

Good planning, design, and management are all essential to strong protection; everyone involved must understand the security needs for the infrastructure.

An Information Technology (IT) security awareness program should create sensitivity toward the threats and vulnerabilities of IT systems and also remind employees of the need to protect information they create, process, transmit, and store.

The level and type of content of an awareness program depend on the needs of an organization. All employees must at least be aware of:

  • Threats to physical assets and stored information
  • How to identify and protect sensitive or classified information
  • Threats to open network environments
  • How to store, label, and transport information
  • How to deal with copyright violations or privacy act information
  • To whom security incidents should be reported to, regardless of whether it is just a suspected or actual incident
  • Specific organizational or departmental policies to follow
  • e-mail and /or Internet policies and procedures