Playing by the rules
Compliance is our security awareness and training topic for July. As usual, we'll be taking a deliberately broad perspective, finding angles of interest to staff, management and professionals.
'Playing by the rules' hints at how we're planning to address the staff awareness stream. People who enjoy playing all sorts of quizzes, competitions, games and sports appreciate that the rules are there to level the playing field, keeping things reasonably fair to all concerned. That leads on to the concept of rule-bending and breaking i.e. cheating to gain an unfair advantage over other players. 'The rules of the road' suggest another possible avenue to explore around safety and security, picking up on this month's awareness topic (physical infosec).
The management stream will also dip into rule-making, the process of defining rules, plus enforcement and reinforcement of the rules. In the information security context, the rules include laws, regulations, policies, directives, instructions, contractual terms and more, some very narrowly scoped and others much more general in nature. We might even take a tangent into actively exploiting lax rules for business advantage, raising ethical and risk questions worth pondering.
The pro stream will get into technological rules such as cybersecurity standards, tech protocols and firewall rulesets ...
... at least, that's our cunning plan at this point. Part of the fun of providing our security awareness and training service is to get creative with the messages, picking up on topical issues. We're on the lookout for interesting compliance-related news during June - incidents, changes, and different approaches to the age-old problems in this area.