Today, Information Security is achieved through investments in technology, processes and people. Research indicates that company employees still represent the weakest link in the Information Security chain. ESAM is an Information Security Culture Change Program that supports "change in employee attitude", the factor that accounts for the biggest share of the return on investment when it comes to making effective use of technology investments in Information Security. The set of products designed according to this method is referred to by the same name.
- Integrable into corporate security policies
- Adaptable to internal communication model
- Evaluates Information Security practices and provides concrete data for the management
- Provides e-Learning, classroom training and visual reinforcement/promotion materials
- Built upon co-operation of Information Technologies and Human Resources
Objective of ESAM
The primary objective of the ESAM program is to improve internal Information Security, and most importantly, to turn it into an indispensable part of the corporate culture and code of conduct.
Implementation of ESAM
While it is customized by Lostar experts in connection with specific needs, the key steps in the implementation of ESAM are as follows:
- Problem Description: In meetings held with related parties and managers, the needs giving rise to the ESAM implementation and the target structure are determined and reported.
- Assessment: This step covers the development of information gathering solutions and of the employee questionnaire necessary to measure the baseline in relation to the need.
- Information Sharing: In this phase, the necessary information is shared with the employees using classroom training and/or e-learning methods.
- Reinforcement Activities: This phase includes the reinforcement activities that will create changes in behaviors through refreshers and internal marketing methods. These activities use creative internal marketing methods (games with small rewards, contests, etc.) in addition to existing communication methods.
- Periodic Assessment: New risks and changes in conditions are assessed on the basis of work carried out at three- to six-month intervals, and reinforcement activities are steered accordingly.
- Corporate Ethics
- Corporate Policies
- Social Engineering
- Internet Usage
- PC Security
- Portable Computers
- Physical Security
- Individual Security
- Internet and our Children
- …other specific topics
ESAM is an ongoing program that continues after the initial three-month basic work and targets all employees of the organization. The program is coordinated and conducted by the Information Technologies, Information Security, and Human Resources (internal communication and training) teams that are set up with the support of Lostar consultants.