
Effectively Explaining the Purpose of Information Classification to Employees

The topic for my Q2 2009 issue of Protecting Information was helping employees understand why different types of information need different levels of security. Yes, this is information classification, but I describe it in a way that employees at every level and in every role throughout an organization can understand. Here is how.

Information security and privacy leaders know that not all information is created equal. Most personnel, however, never really think about it. That is why it is so important to establish information classifications and then describe them effectively, so that personnel can more easily and quickly determine which safeguards each type of information requires.

Making information classification interesting, however, is a struggle for most information security and privacy leaders. The best way to get personnel to really pay attention to these requirements is to explain how they apply to them personally.

I have found that awareness of the need for information security and privacy activities in the workplace is easiest to raise if you first communicate why personnel should be concerned about the same issues in their own homes and personal activities. So I explain information classification using the kinds of items personnel care about most in their own homes and lives.

I relate protecting different types of information to the way people are more careful with certain things at home, such as particular photos or videos, or birthday gifts before the birthday arrives, and show that the concept of applying different levels of protection is the same for the different types of information they handle, access or otherwise use at work.

I think this is an important topic that is not addressed enough in organizations' training and awareness programs, so I am making the podcast of the feature article for this issue of the Protecting Information journal, "Different Protection For Different Information: All Information Is Not Created Equally," available for free.

Here is the link to download the companion MP3 podcast of the featured article: http://www.privacyguidance.com/piq42009/

Here is how to download the MP3 file, which is a little over 11 minutes long:

  1. Click on the link, or copy it and paste it into your browser.
  2. Right-click on Q2Spring2009ProtectingInformationPodcast.mp3 and select Save Target As... from the context menu.
  3. Select a location to save the MP3 on your computer or network.
  4. Enjoy!

I'm interested in hearing your feedback. Would this message get through to some, most or all of your employees?

If you are not an infosec or privacy leader, does this podcast make the purpose of information classification clearer?


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on its list of the world's best privacy experts and on its list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.