The whole security edifice could collapse due to one person. This person doesn’t necessarily have to hate the boss but could, stupidly and unaware of all the perils of the great Internet, fall victim to an ingenious www terrorist.
Whatever the reason for the “treason”, tools are not enough to prevent the failure of your security system.
I won’t discuss how to prevent the potential harm due to hate, greed, sheer stupidity, etc.
This is a thousand years of history, and we still have a lot to learn.
So I’ll presume that everybody in the company has good intentions, loves the job and the related benefits and fears the consequences of some inadequate action.
– ensures that everybody stays informed and nobody can complain of not having been informed
– all policies, processes, procedures and instructions that implement all the company’s best practices (including security-related ones) are up to date and visible to everybody at any time (in normal day-to-day business or in a crisis situation).
– bad news and good news spread rapidly
– tools for risk management, of course
– easy access to an efficient internal helpdesk, which will prevent small incidents from becoming disasters
– easy two-way communication. Management should be able to rapidly communicate all decisions related to security. The humblest person in the company should be able to communicate issues or ideas to all others.
– a Business Continuity plan, procedures and tools to monitor crisis situations.
Sharing essential information is as vital as the technical infrastructure.
As some gurus of management systems say: “knowledge is power” should be replaced by “shared knowledge is power”.