Todays topic for the CyberSecurity Awareness Month is the Role of the Employee. Almost everyone reading this today will create some form of stored data which is significant to them. Thus is the role of the user. And, basically, every employee with an IT system is a user of some form or other. Recently I had the opportunity to discuss a very similar topic with some friends at www.eitc.edu . The discussion centered on personal responsibility in regards to security. This was a very productive discussion that yielded many of the same questions and conclusions I will discuss today. The role of the employee is essentially the role of the user which always led to 3 questions:
What data have I produced?
How do I get this data back, so I may continue, when all else fails?
Once you have addressed these questions to the data you have created, whether 2 presentations or 200 emails, you will find the long road ahead much easier. The third question is a bit more difficult, and is topic for another day.
What data, other than my own, am I ultimately responsible for today??
I would like to talk about the first 2 here a bit more. Of course discussions or comments are always welcome and encouraged. What data have I produced today? This question hopefully leads everyone to ask a number of questions about backup, restoration, and possibly even continuity of operations in regards to their jobs and data. One common question is how do I keep going after a (insert disaster here i.e fire, flood, etc)? If you are reading this then most likely we, in both our professional and personal lives, create some form of data each day. In the workplace this may be several proposals or presentations. In the home, it may have been a weekend of pictures downloaded to the home computer. So what happens when the workplace is flooded? God forbid a fire to the home? Is the data created on a computer any less priceless than the letters from 2 years ago? No. You would hopefully plan and protect these electronic artifacts the same as you would the physical artifacts.
How do I get this data back, so I may continue, when all else fails? To completely answer this question the answers to question number 1 have to be answered. Essentially once you have identified who is responsible for the backup and restoration, then ask the question where is my data so I can get it back when everything else fails? Sometimes this is a question we have to ask of ourselves about personal data weve created, in the form of contact lists, email archives, and personal data. In the data realm we are producers, provisions, consumers, and sometimes all three. Anyone in the role of the first two needs to understand completely the role they play in todays CyberSecurity world.
tony d0t carothers at isc d0t sans d0t org
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
View full post on SANS Internet Storm Center, InfoCON: green
Related Posts
- Cyber Security Awareness Month – Day 30 – Role of the network team, (Sat, Oct 30th)
Day 30 ends week four of the Cyber Security Awareness Month. First, a network team needs a a leader to who will serve as a point of contact and in most cases a Subject Matter Expert in networking and ... - Cyber Security Awareness Month – Day 27 – Social Media use in the office, (Thu, Oct 28th)
On Day 27 of the 2010 version of Cyber Security Awareness Month we want your view on the use of social media in the office.
Unless you are in one of those few industries or parts of government o... - Cyber Security Awareness Month – Day 31 – Tying it all together , (Sun, Oct 31st)
To the handlers who authored the daily Cyber Security Awareness Month diaries and to the readers who added comments and discussion - THANKSVERYMUCH! Your collaborative spirit is what makes the SANSInt... - Cyber Security Awareness Month – Day 26 – Sharing Office Files, (Tue, Oct 26th)
Cyber Security Awareness Month - Day 26 - Sharing Office Files
Today's CSAM topic is Sharing Office Files.
There are some good points of attention when doing this.
1) Sharing inside the c... - Cyber Security Awareness Month – Day 25 – Using Home Computers for Work, (Mon, Oct 25th)
Today's CSAM topic is Using Home Computers for Work. I will share with you a simple practiceI've been using for quite some time that provides me a couple key protections from myself while keeping me a... - Cyber Security Awareness Month – Day 22 – Security of removable media , (Fri, Oct 22nd)
Removable media are nothing new. Computer storage started with removable media, those of us old enough likely have fond memories of cassette tapes and floppy disks. What changed, primarily, is the ubi... - Cyber Security Awareness Month – Day 21 – Impossible Requests from the Boss, (Thu, Oct 21st)
When I saw the topic I was given for this month, I immediately burst out laughing as I have (while never violating an NDA) shared more than a few horror stories, complaints and tales of woe (from the ... - Cyber Security Awareness Month – Day 19 – VPN and Remote Access Tools, (Tue, Oct 19th)
Today we have a few diaries on VPN and Remote Access Tools. We invite your comments on any or all of these diaries.
=============== Rob VandenBrink Metafore ===============
(c) SANS Internet Storm... - Cyber Security Awareness Month – Day 16 – Securing a donated computer, (Fri, Oct 15th)
Day 16 ends week two of the Cyber Security Awareness Month. If you happen to get a computer that was donated to you, it is important to trust the software that is installed on it.
Formatting a compute... - Cyber Security Awareness Month – Day 17 – What a boss should and should not have access to, (Sun, Oct 17th)
On day 17 of our yearly Cyber Security Awareness Month, we enter into the thorny subject area of your Boss. Today, we'll look at what a boss should, or indeed should not have access to.
Bosses are int...
Posted on 29 October 2010. Tags: 28th, Awareness, Cyber, employee, Month, Role, Security
