We have just delivered April's awareness module on information security and privacy compliance, a perennial topic that remains stubbornly on management's agenda.
This time around, we had the 'benefit' of an excellent ready-made compliance case study in the shape of Target's recent breach. Reviewing the news on Target revealed plenty of lessons on compliance, security, privacy, governance, risk management, incident response, press relations and accountability - a rich vein indeed!
Something else that came out of our research was the value of encouraging compliance in a positive sense, as much as hammering non-compliance through enforcement and penalties, the more conventional approach (typified by this poster image - one of six new designs in the module). Compliance benefits the organization, management, the authorities, customers, business partners, owners, stakeholders and society, as well as individual workers. The module talks about good practices, maturity and ethics. It's good to promote the upside of compliance for a change rather than simply ringing the warning bells, yet again.
No comments:
Post a Comment
The floor is yours ...