What are the various ways to inform employees about information security policies and procedures?

How to Answer
1st Answer Example
2nd Answer Example

Anyone in IT leadership that is responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence on how you implement these practices across the company and the way you communicate the procedures to all employees. The experience you share with the manager will be a reflection of your capabilities and will show that you can think outside the box. It's not uncommon for a manager to ask you to talk at length about communicating effective ways to identify phishing emails, transferring confidential files securely, password management tips, and applying privacy and security updates for all employees. This helps the manager see the level of detail that you go through to protect your company's employees.

"If you look at statistics on how attacks were established. You will find that over 50% of attacks came from employees within a company that inadvertently allowed access to a hacker, or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, and what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails,l could send them straight to that account."

"During my security training sessions with employees, I explained the importance of cyber security, and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."

Next Question

How to Answer: What are the various ways to inform employees about information security policies and procedures?

Advice and answer examples written specifically for an Avanade job interview.

26. What are the various ways to inform employees about information security policies and procedures?

How to Answer

Anyone in IT leadership that is responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence on how you implement these practices across the company and the way you communicate the procedures to all employees. The experience you share with the manager will be a reflection of your capabilities and will show that you can think outside the box. It's not uncommon for a manager to ask you to talk at length about communicating effective ways to identify phishing emails, transferring confidential files securely, password management tips, and applying privacy and security updates for all employees. This helps the manager see the level of detail that you go through to protect your company's employees.

Written by Tom Dushaj on February 5th, 2019

1st Answer Example

"If you look at statistics on how attacks were established. You will find that over 50% of attacks came from employees within a company that inadvertently allowed access to a hacker, or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, and what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails,l could send them straight to that account."

Written by Tom Dushaj on February 5th, 2019

2nd Answer Example

"During my security training sessions with employees, I explained the importance of cyber security, and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."

Next Question