Security awareness training is often the first view a typical user has into information security. It’s often required for all new hires. Think of it as the first impression of management’s view of information security. This is management’s opportunity to set the tone. Most individuals want to do a good job, but they need to know what the rules and expected behavior are. That is one of the purposes of a security awareness policy.
Answer the following question(s):
- What do you think are the two most important practices that should be incorporated into a security awareness policy?
- Why do you rank them so highly?
Fully address the questions in this discussion; provide valid rationale for your choices, where applicable;