Computer Security: 20 Things Every Employee Should Know

Rothke's calm, commonsense tone will help you get folks onboard with the security tasks that really matter. Keeping passwords secure. Transferring files safely. Being secure when you're accessing the network remotely. Protecting notebooks and PDAs. Disposing of digital media without leaking information. "Social engineering" tricks to watch out for. And how to put all this stuff in context, so you don't become obsessive or paranoid.

You may need to supplement this booklet with a few of your own company's policies, but Rothke's sensitive to that. He'll take you more than 90 percent of the way. Think about buying a stack of these and passing them around. At $7.95, that's actually doable. But, hey, it's not just your employees who need this book. You do, too. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition

Rating:
Summary: Rothke's book is a superb addition to any security awareness
Review: At 51 pages, this title is little more than a pamphlet compared with most IT security books. But here, brevity is a virtue, and I don't expect this slim volume to spend much time on the shelf.

Full of pithy, interesting quotes and bite-size chunks of information, this primer will fit perfectly into your IT security awareness campaign or into the introduction pack for every new hire.

This whistle-stop tour of information security hits all the right notes, is an easy read and is credible without resorting to fear tactics. My desk copy has already been well thumbed by those waiting for me to finish phone calls.

A large-scale security group could probably gather this same information and tailor it to their internal audience, but why bother? For smaller shops and those without much spare time, Rothke's book is a superb addition to any security awareness push.

from: http://www.computerworld.com/securitytopics/security/story/0,10801,88174,00.html

Rating:
Summary: Common sense computing advice for employees
Review: Employers who want to get their new staff acquainted with their systems, and with general office procedure, of which the computer is a major factor, have a detailed handbook in Ben Rothke's Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Osborne Media; $7.95). This short manual is ideal for new or entry-level employees who have limited experience working with computers, and it is also a handy tool for employees who want to reacquaint themselves with simple measures to secure their computer data and other resources.

The book is short and quick to read -- less than 60 pages. Each chapter is clear and concise, with a three-point summary followed by a reminder quotation at the end. The writing style makes the material easy to recall -- the layout follows a "to do list" style that allows you to check off the main ideas as you go along. A glossary supplements the text, with terms not only related to computer use but also to key tech terms used in the corporate office.

With a range of guidelines from how to safely use and protect passwords, to using e-mail and digital media devices, to understanding the relationship between employees and their workspace, Rothke reminds us of how basic rules of office etiquette can help in protecting your computer from abuse by what he calls "social engineers." Rothke states one main idea that is worth noting -- computer security involves job security. Computer Security is an exposé directed at potential victims of security breaches and is a manual for self-protection in the workplace. While the text may sometimes seem repetitive and some ideas may appear obvious, these practical reminders can help reinforce what so many employees often forget or may not know at all. Rothke's guide is ideal for managing minor security issues. But the best advice he gives is to leave major IT issues for the IT staff.

SIMPLE RULES
Follow these easy-to-remember tips for safe computing at work or on the road:
Know about the company security policy and follow it.
Don't forward any type of security advisory or virus warning. Simply put, it's not your job.
Be aware of the myriad data security risks of working outside of the corporate confines. These include theft of both devices and data.
When on the road, make use of a personal firewall.
Though small, PDAs require just as much security as a full-size PC.
Work with the IT department to identify backup resources, file locations and the backup schedule.
Make sure to log off or lock your screen when you walk away -- even if it's just for a few minutes.

(...)

Rating:
Summary: A *must* for Iall computer users!
Review: How can you educate non-tech personnel on computer security? Buy them this book. It's brief and clear enough for even the most clueless end user to understand!

Companies should be buying this book by the boxload. It will save them a world of aggravation.

Rating:
Summary: Ideal for a handbook in computer security for all employees
Review: If a company wishes to survive in the current environment where predators of all types are everywhere, then they must protect their assets. It only takes one mistake to open the protective dikes and let a person with malicious intent to gain access to important company information. Therefore, a fundamental part of company protection is educating all their employees in the basics of computer security. To do this, a short course in computer security basics is necessary, which should include behavior guidelines and threats of punishment if they are not followed.
If you are looking for a handbook to use for a short course in computer security, then this book is for you. Short and to the point without any unnecessary jargon, it can be read and understood by everyone. The twenty points presented are unquestionably those that would be in everyone's top twenty list of actions that the standard employee should perform.
Given the recent virus and terrorist threats, government mandated rules for privacy, and the exponential increase in Internet usage, computer security is rapidly becoming the most serious and dangerous issue faced by many businesses. The solution is to educate all employees in the basics of computer security, which can be done using this book as a resource.

Rating:
Summary: An excellent end-user book
Review: It is easy for end-user (i.e. employees) to understand some real-life security problems and the author will provide practical tips and solutions for every topic.
It is an excellent source to reference so as to provide a security awareness training indeed. It is because we should keep something simple. Even we could sella company to purchase this book for their employees. Light-weight and simple but not simplistic handbook is useful for people to understand their positions and roles as well as relevant response and action. in security-related issues.

Rating:
Summary: An excellent end-user book
Review: It is easy for end-user (i.e. employees) to understand some real-life security problems and the author will provide practical tips and solutions for every topic.

It is an excellent source to reference so as to provide a security awareness training indeed. It is because we should keep something simple. Even we could sella company to purchase this book for their employees. Light-weight and simple but not simplistic handbook is useful for people to understand their positions and roles as well as relevant response and action. in security-related issues.

Rating:
Summary: Calling All Managers & Executives-This book is a must-have!
Review: Perhaps the greatest vulnerability to our information is lack of awareness. This book is the perfect way to spread the word to help prevent security breaches. The title says it all - everyone from executive managers to human resources to end users can benefit from it. I'm a true believer that people benefit the most from practical advice presented in a non-technical fashion. This book executes that flawlessly.

Rating:
Summary: Very good policy book
Review: This is a great book to give to every corporate user who quickly needs to come up to seeped on what they need to do.

Each chapter is short and to the point. Exactly what a end-user needs. We got 25 copies and saw immediacy in the benefits.


Rating:
Summary: Provides baseline security reminders
Review: This pamphlet sized book is a great training platform for keeping awareness up to par in your organization. It provides a baseline security reminder for 20 of the most key aspects of information security initiatives in an enterprise. This would be a useful aid in a classroom security review program or awareness training course. The points are simple and well written and apply to all users of a network environment.