From viewpoint of information security awareness, each oraganization need their own information security strategy.
And now, it is not only the latest tools or technology. Organization need to understand what exactly they need to protect and why. Risk management is the process of measuring, or assessing risk and developing strategies to manage it. Strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
1.step Risk assessment
In this step really helps special tests with questions to wich you need answer and in the end from your answers are calculate the biggest your system threats. It is quite difiicult and full-time process, so some companies, for example InfoSecurityLab , offer to do this job instead you.
2.step Security policy
After this calculation you know about the biggest threats and then come another very important task – to draw up your own security policy. Security policy is the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. And also this calculation and draw up policy can help special information security awareness companies!
3. step Introduction in life
This step probably often is the hardest one, because it is really important that everyone in there daily work life notice these laws, which are write in security policy! Only work together is possibility reduce all risk to minimum. In this step really numerous role play company manager – he can with various bonus systems and interesting training work (here can also help special information security awareness companies) encourage workers establish security policy in life.Only 3 basic steps and your company’s information will be located in much safer information system and also in other companies eye’s yours look more loyal.
Article source infosecuritylab
More from InfoSecurityLab
Computer Viruses
By: InfoSecurityLab | 23/01/2007 | Security
In information security , computer virus is a manmade program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
Internet Attack Methods
By: InfoSecurityLab | 23/01/2007 | Security
The U.S. Government’s National Information Assurance Glossary defines Information Security as: Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.
Security Using Public Internet Access
By: InfoSecurityLab | 23/01/2007 | Security
Internet comes to peoples lives and then suddenly comes truth, that WE CAN'T LIVE WITHOUT INTERNET. We can't even simple daily activities do without Internet, but not always we can use Internet at work or home. It is a fact and no one can deny that. Because more and more cities going wireless - get wireless network which spread all city so that everyone with laptop an wireless card can get access to the Internet, and also there are Internet café and other Internet access points.
Information Security Endangered
By: InfoSecurityLab | 23/01/2007 | Security
our time is coming. Spy programs are stealing information more easily. The reason is weak algorithms, which provide systems safety, for example data encryption and hashing.
Tips of Security
By: InfoSecurityLab | 23/01/2007 | Security
Information is the lifeblood of most, if not all, modern organisations, so protecting (this) information against unauthorised disclosure, modification or erasure is a basic requirement of management.
Anti-virus Software Comparison Test
By: InfoSecurityLab | 23/01/2007 | Security
Virus.gr tested quite a few different software companies to see how they would stack up against each other. How did the 147,000+ virus test pan out?
Security Awareness
By: InfoSecurityLab | 23/01/2007 | Security
Security awareness is knowledge and attitude members of an organization possess regarding protection of the physical and information assets of that organization. Many organizations require formal security awareness training for all employees when they take up sensitive assignments and, in some cases, periodically thereafter.
Quick Tips of E-mail Security
By: InfoSecurityLab | 23/01/2007 | Security
Feature-rich email is not only a powerful way of communication, but also a major security threat. The more features an email service provides the security holes are made for hackers. In addition to the usual email security headache - executable attachments - HTML messages introduce new problems. HTML is not a plain text, it is rendered and it may contain executable code. You get dozens emails daily. Every time you read an HTML email message - something could be executed. It is just like you woul
Computers 
