A Manager’s Guide to Safeguarding Sensitive Information Properly is a quick reference guide to the 12 SSIP Rules managers should be aware of with respect to safeguarding sensitive information properly at their company. This guide is a companion to “An Employee’s Guide to Safeguarding Sensitive Information Properly.”
Sean Lowther, who designed and implemented the information security awareness program at Bank of America from 1999 to 2006, is the author of this guide. Every manager who works for a company should have a copy of this “Guide.” The guide includes the following SSIP (safeguarding sensitive information properly) Rules:
SSIP Rule 1: Are you hiring the right people?
SSIP Rule 2: Your Information Technology Department is not responsible for safeguarding sensitive information properly.
SSIP Rule 3: If your department is developing applications, make sure you include your information security people in the process.
SSIP Rule 4: People do things for their reasons, not yours!
SSIP Rule 5: Do not transmit sensitive information outside of the company without proper protection.
SSIP Rule 6: Do not let employees download unlicensed software or unapproved applications.
SSIP Rule 7: Don’t play “Big Brother” with your employees. Be an enabler!
SSIP Rule 8: The importance of training.
SSIP Rule 9: Update an employee’s system access when transferred or delete when terminated.
SSIP Rule 10: The risk of social engineering.
SSIP Rule 11: The risks of social media.
SSIP Rule 12: The risk of insider threats.
A Manager’s Guide to Safeguarding Sensitive Information Properly could very well save any company from significant financial risk and adverse publicity to its brand.