Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=208806994
CUPERTINO, Calif. --
1. Create a Security-Aware Culture - To be effective, organizations should have an ongoing security awareness program in place that includes continuous training, communication, and reinforcement. A one-time presentation or a static set of activities is not sufficient to address the ever-evolving threats in the security landscape. Equally important, an awareness program must influence behavior changes that deliver measurable benefits.
2. Establish Processes - While the causes of IT failures can include technology and environmental compatibility issues, the root cause frequently lies in process and skills issues. Regular or routine activities should have established processes that are known to all.
Processes enable workers to treat all components the same way, reducing the effort and potential risk that would be entailed if each component were managed differently.
3. Have a Remediation Strategy in Place - The absence of a solid security awareness and remediation strategy in the event of business disruptions is becoming an increasing concern, as IT-related incidents are attracting an ever-increasing share of the public's attention. When designing a remediation program, organizations should keep IT risk management in mind and follow several best practices as outlined below: