How do you ensure information security in your organization?

By simply taking signature on undertaking regarding Confidentiality Obligations. it may include an email like

"Dear Team, As an employee of the company you have access to confidential and proprietary information included, but not limited to customer’s lists, contract terms, Methods of operations, project details including drawings, software specifications, codes, know how, financial information and marketing plan.

 

Under applicable law and under the term of your confidentiality agreement you are bound not to share such information during your employment even after leaving the company."

Thanks 

In my opinion you need to set a strong system of communication between employees and departments, furthermore you should know when and for whom you will send the information.

There are types of information to be strictly secured by the company or management. The important  information (except policy and procedure that can be disseminated to anybody) should few has access on it using code or password and by laws those only on the top level and middle level managers so that  if the information leak happened its easy to trace the doer.

I totally agree with My colleagues options 

I agree with Mr. Omar..............

 

• Manage Technology Life Cycle

• Establish a Password Security Policy

• Back Up Data Frequently

• Use Malware and Virus Protection

• Secure Mobile Devices

• Communicate Information Security Policies

•  Close Holes in Security Policy

• Restrict Access to all Data

• Implement a Contingency Plan

• Block Would-Be Intruders from the Network

 

Communicate it and automate password changes. Ensure your firewall rules are up to date. Have firewall policy to scan key words of main files or extensions (company customer DB, pricelist etc) Have penitratation testing done externally. Check access rights to cloud data Ensure past employee access is remove on departure. Remind staff of security policy. Remember over 80% of breaches are for an internal action or source - knowing this take appropriate security actions. Enforce policy

By Securing the People, Process and Technologies. 

You can use the gatekeeping system so that every information going out of company need to be filter before the audience can receive it.

Thanks for invitation,

- It is mandatory objective for "IT Sector / Department" in the organization to completely ensure "data and information protection" by setting all the needful restrictive procedures should applied by all the organization's staff, without any exception in this respect,

- Moreover, this is a very special vital objective to any organization, has to be well and hard controlled by the "Risk Management Department".