and Boards of Directors are responsible for knowing this important information about cyber security. Have you wondered what you can do to strengthen your company’s cyber security?
If “yes”, you aren’t alone.
Shown below is a short list of steps that managers can take to help fulfill their supervisory role for information security:
1. Develop a high level of situational awareness of what your organization is doing or has done to provide for information security to maintain business continuity. Are you familiar with information security control standards or the numerous laws that address cybersecurity?
2. Conduct a risk assessment, which includes a threat assessment and a vulnerability analysis. Take a hard look at what you are doing to prevent cyber intrusions and protect your information resources. How many risks are you
3. Project an active interest in information security to your employees. Make sure that the people you supervise know that you are concerned about the safe use of confidential information. The people who work for you need to get the following message: Information security is very important to my manager.
4. Officially create and adopt an information security policy if one doesn’t already exist.
5. Orient your employees to any existing organizational information security plan. Make sure that each person is aware of his or her individual
6. Set a good example. The manager must visibly follow security best practices. Otherwise, employees will sense that information security isn’t that important to you. The best way to do this is to provide periodic security awareness training and to participate in it.
7. The manager should identify the key metrics for information security in his or her department and monitor them. Your subordinates will quickly understand that a high value is placed upon protecting key information assets. A security culture is likely to evolve.
8. Inform your employees of any security incidents or recent security breaches that have happened in your company or industry. Supply those who report to you with examples of what could go wrong with divulging confidential information and the consequences of failing to put a high value on protecting your information.
9. Make sure that every employee is aware of what to do in the event of a security incident. Security specialists refer to this component as an “incident response
10. Ask your employees if they perceive any way in which information security can be enhanced. The people who work with mission-critical information may be able to make excellent suggestions.
11. Part of a manager’s job is to anticipate potential problems and consider possible actions that can mitigate negative surprises. The security of every digital device possessed by your organization is a concern.
12. Educate yourself. Speak with the IT people in your company who are responsible for information security and ask them for any suggestions that they might make to help improve your department’s or organization’s security.
Managers today work in an asymmetric threat environment. Attacks against information assets can originate from any source. Be alert and develop a culture of teaching information about cyber security among employees. Build support throughout your organization. Doing so is important. Protect your information assets at all costs.
The manager is in the unique position to do so.