Computer Security: 20 Things Every Employee Should Know

Product Description
Securing corporate resources and data in the workplace is everyone’s responsibility. Corporate IT security strategies are only as good as the employee’s awareness of his or her role in maintaining that strategy. This book presents the risks, responsibilities, and liabilities (known and unknown) of which every employee should be aware, as well as simple protective steps to keep corporate data and systems secure. Inside this easy-to-follow guide, you’ll find 20 lesson…

5 replies
  1. Richard Bejtlich says:

    Ben Rothke’s Computer Security: 20 Things Every Employee Should Know, 2nd Ed, contains a great deal of sound advice for nontechnical employees. At least 10 tips could be eliminated by combining redundancies. I would reduce the list to the following topics:

    (1) Beware malware, spyware, and phishing; (2) Protect your identity; (3) Protect the organization’s data; (4) Choose sound passwords and protect them; (5) Use organization resources for authorized purposes; (6) Beware of social engineers; (7) Call the experts when things go wrong; (8) Protect laptops, PDAs, cell phones, and other mobile devices as you would corporate resources.

    These are the 8 core principles distilled from this book. If it were necessary to highlight email and instant messaging as specific vulnerabilities, those could receive their own topics. I think they could be rolled into tip 5, but to reach the 10 tip mark they could appear as items 9 and 10.

    Normal corporate users should not be applying patches, administering host-based firewalls, or operating with administrator/root privileges. They should also not be backing up their own data. These roles belong to system administrators, who are not the audience for this book. Therefore, there is no need to provide guidance on these subjects.

    Books for nontechnical audiences are much more interesting when they convey lessons in anecdotal form. I believe the third edition of this book would benefit from reducing the tips from 20 to 10, and adding stories to each of the ten suggestions. They should make their point in a direct yet engaging way. The book could also use illustrations to grab the nontechnical reader’s attention.
    Rating: 3 / 5

  2. Jill Malter says:

    I think we know that there are constant threats to our computer systems. Confidential information can be grabbed from us, and computer viruses can slow down or stop processing, as well as introduce plenty of unwanted material.

    As Ben Rothke explains, that means that we need to use great caution in downloading (or even “upgrading”) software, especially on company computers. When asked for personal information on the internet, we need to be very wary indeed. And, of course, we need to avoid giving others (even co-workers) our personal access to restricted sites.

    Passwords can be tricky. I have successfully guessed a couple of passwords used by others, so my advice is to avoid using your own name (or even an anagram of it) or the names of your children or pets! Yes, I know that it is not easy to remember a large number of passwords, and that sudden requests of the form “Your password has expired, please enter a new password at once!” generally result in some of the most absurd choices of passwords. But you still ought to look at phrases and then choose the first letters of them or just use multiple short words, including a couple of numerals and a punctuation mark. These can actually be remembered, and if you have trouble, you can write down reminders that do not include the actual password.

    By the way, you may want to be really careful when you log into any system. Some systems keep track of your login name and this record may be accessible by all sorts of people. If you accidentally type in your password instead of your login name, you really ought to change that password.

    This book covers threats from worms and viruses, as well as a variety of e-mail hoaxes. It does discuss firewalls. And it reminds us that pocket PCs are computers too, and that their use can entail the same sort of risks as using a larger computer.

    As this book explains, if you leave your computer unattended, others may simply take advantage of this to gain access to all sorts of confidential material. To top it off, they may even swipe your computer, especially if it is a laptop or PDA and not physically secured.

    One can read this book in a short time, and I think doing so is a good idea for those of us who use computers, especially at work.
    Rating: 5 / 5
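The reviewer's point about typing a password into the login-name field is a real operational problem: sshd, web front ends and SIEMs all record rejected login names in clear text, so the secret ends up readable by everyone with log access. The following scanner is an added example, not code from the book or from any of the reviewers. It reads OpenSSH "Invalid user" lines (the record sshd writes when the login name does not exist, which is exactly where a mistyped password lands), scores each rejected name for how password-like it is, correlates a hit with the next successful login from the same source address to guess whose password needs rotating, and deliberately never copies the leaked string into the alert. The log format, the heuristics and thresholds, and the sample log lines are all assumptions constructed for the example.

```python
"""Added example (not from the book or the reviews above).

Detect passwords that were typed into the login-name field by scanning sshd's
"Invalid user" records, then identify the account to reset from the next
successful login from the same address. Thresholds and format are assumptions.
"""
import math
import re
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (not real log data).
SAMPLE_LOG = """\
Mar 12 08:13:50 bastion sshd[2110]: Invalid user jmalterr from 10.0.5.17 port 51210
Mar 12 08:14:09 bastion sshd[2114]: Invalid user Tr0ub4dor&3 from 10.0.5.17 port 51216
Mar 12 08:14:20 bastion sshd[2115]: Accepted password for jmalter from 10.0.5.17 port 51218 ssh2
Mar 12 08:15:41 bastion sshd[2120]: Invalid user admin from 203.0.113.9 port 40022
Mar 12 08:16:03 bastion sshd[2125]: Invalid user correct-horse-battery-staple-7! from 10.0.5.31 port 51300
Mar 12 08:16:30 bastion sshd[2130]: Invalid user svc_backup from 10.0.5.40 port 51320
Mar 12 08:17:05 bastion sshd[2131]: Accepted publickey for kbarlow from 10.0.5.31 port 51302 ssh2
"""

_TS = r"(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})"
INVALID_RE = re.compile(_TS + r" \S+ sshd\[\d+\]: Invalid user (?P<name>.*?) from (?P<ip>[\d.]+) port \d+$")
ACCEPTED_RE = re.compile(_TS + r" \S+ sshd\[\d+\]: Accepted \w+ for (?P<name>\S+) from (?P<ip>[\d.]+) port \d+")

# Portable POSIX login names: lowercase, digits, '_', '.', '-' and nothing else.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]*$")
FLAG_THRESHOLD = 2  # assumption; tune against your own false-positive rate


def _parse_ts(text):
    # syslog timestamps carry no year; deltas within a day are all we need here
    return datetime.strptime(re.sub(r" +", " ", text), "%b %d %H:%M:%S")


def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def password_likeness(name):
    """Score how much a rejected login name looks like a typed password.

    Returns (score, reasons). Each heuristic is cheap and explainable, so an
    analyst can see why an alert fired without the alert repeating the secret.
    """
    score, reasons = 0, []
    if not USERNAME_RE.match(name):
        score += 2
        reasons.append("characters not allowed in a login name")
    classes = sum(bool(re.search(p, name)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes >= 3:
        score += 1
        reasons.append(f"{classes} character classes")
    if len(name) >= 12:
        score += 1
        reasons.append("12+ characters")
    if len(name) >= 8 and shannon_entropy(name) > 3.0:
        score += 1
        reasons.append("high per-character entropy")
    return score, reasons


def scan(log_text, window=timedelta(minutes=5)):
    """Return alerts for password-like rejected names, without echoing the secret."""
    invalid, accepted = [], []
    for line in log_text.splitlines():
        if (m := INVALID_RE.match(line)):
            invalid.append((_parse_ts(m["ts"]), m["ip"], m["name"]))
        elif (m := ACCEPTED_RE.match(line)):
            accepted.append((_parse_ts(m["ts"]), m["ip"], m["name"]))

    alerts = []
    for ts, ip, name in invalid:
        score, reasons = password_likeness(name)
        if score < FLAG_THRESHOLD:
            continue
        # The account that logged in next from the same address is the most
        # likely owner of the leaked string; that is who gets the reset notice.
        owner = next((u for t, i, u in accepted if i == ip and ts <= t <= ts + window), None)
        alerts.append({
            "time": ts.strftime("%b %d %H:%M:%S"),
            "source_ip": ip,
            "score": score,
            "reasons": reasons,
            "leaked_length": len(name),  # length only: never copy the secret into the alert
            "probable_account": owner,
        })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the sample data, the two flagged lines are the rejected names containing `&` and `!` with several character classes; the typo'd name `jmalterr`, the generic `admin` and the service account `svc_backup` stay below the threshold. The alert carries only the length of the leaked string, because an alert that quotes the secret just moves the leak from the auth log into the ticketing system.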

  3. Katie Barlow says:

    Great book.

    Short, to the point, and very readable for every user.

    It is a bargain at the price.

    Have all your users read this if you want a good security awareness program.
    Rating: 5 / 5

  4. Anonymous says:

    At 51 pages, this title is little more than a pamphlet compared with most IT security books. But here, brevity is a virtue, and I don’t expect this slim volume to spend much time on the shelf.

    Full of pithy, interesting quotes and bite-size chunks of information, this primer will fit perfectly into your IT security awareness campaign or into the introduction pack for every new hire.

    This whistle-stop tour of information security hits all the right notes, is an easy read and is credible without resorting to fear tactics. My desk copy has already been well thumbed by those waiting for me to finish phone calls.

    A large-scale security group could probably gather this same information and tailor it to their internal audience, but why bother? For smaller shops and those without much spare time, Rothke’s book is a superb addition to any security awareness push.

    Rating: 5 / 5
