NCJ Number
118452
Journal
Security Management Volume: 33 Issue: 5 Dated: (May 1989) Pages: 26-33
Date Published
1989
Length
8 pages
Annotation
This article describes the procedure used to implement Apple Computer Company's information protection program through employee training.
Abstract
A security consultant was hired to assume the leadership in devising an information security program. The proposed program was brought to the company's security advisory board for additions and changes, followed by approval and a suggested trial launch. Currently, the program is halfway implemented. Employees instrumental in the implementation are the protection coordinators; employees chosen by their managers to serve as information security representatives in their departments. Implementation instruments are a large binder of security guidelines, a video, an employee handbook, several layers of training, and periodic reminders and audits. Protection coordinators first attend an introductory workshop, where they receive a set of information security guidelines, which the coordinators use to design information protection procedures for their own departments. The guidebook asks protection coordinators to meet with their coworkers to develop a list of the types of confidential information in their departments. After the introductory training, protection coordinators participate in an all-day training session that includes role playing, document-marking practice, and other hands-on lessons. They also attend periodic followup workshops on specific security topics, such as securing information on desktop computers, handling nondisclosure agreements, and responding to inquisitive telephone callers. The protection coordinators then use some of the same training methods on their coworkers.