January 22, 2008
Suzanne Rumsey at Knowledge Infusion discussed Fortune’s 100 Best Places to Work. I agree with her question of what it really means to be a great place to work.
Just looking at a few of the companies on the list, I know they have a good reputation outside of the Fortune list. However, I often wonder about the regional (smaller) surveys that companies use on their career pages. The local “Best Place To Work” awards.
Do the surveys do more than look at benefits and perks? I want to know if people are actually encouraged to use benefits like educational reimbursements and sabbaticals. Are they internally marketed, promoted, supported, and, better yet, used? That, to me, is the marker of a great place to work. As difficult as it may be to gather, I want to see data that shows how much all the great perks are used and how that relates to employee enthusiasm- and the bottom line. Yes, I know, I ask for a lot.
![[Slashdot]](http://slashdot.org/favicon.ico)
![[Digg]](http://digg.com/favicon.ico)
![[Reddit]](http://reddit.com/favicon.ico)
![[del.icio.us]](http://del.icio.us/favicon.ico)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
No Comments » | 
General | Tagged: 10, 16, 5, 6 | 
Permalink
Posted by melinamurray
January 22, 2008
I was reading a post by Mike Murray today about Social Engineering and awareness in business. (full disclosure: Mike is my husband, in addition to being a respected blogger) When I got to the end, I thought, wait! there is more to it!.
The problem with this is simple: an agile, responsive and successful business is built on a lack of boundaries and a healthy set of organizational trust. The kind of mistrust that most infosec people would engender intentionally in their users would cause significant inefficiencies within most organizations.
So, if we’re not teaching our users to not blindly give out information, or to verify everything, what do I think we should be teaching them?
Instinct. Most who are in infosec have developed an instinct for when things “don’t smell right”. When an email just seems a little bit “phishy” (pun intended).
It is not just about trust or mistrust. One of the deeper issues is- what motivation the employees have to act on instinct, or suspicion? Why would they want to protect the company against social engineers? An employee who does doesn’t care much about their job and only comes in for the paycheck probably won’t be putting too much effort into protecting the company’s information. However an employee who is engaged, feels like a valued member of the team (at large) and understands the hows and whys will most likely be the hardest ones to “break”.
The people at the front lines (admins, reception, etc) are often the ones who have the most power to give out information, names, and/or open the door. These are also often the employees who are given the least attention, training and respect. Encourage your employees to ask questions when something doesn’t “smell right”! Congratulate them when they are successful protectors. Above all, remember perceived value goes full circle.
No Comments » | General | Tagged: 10, 12, 27, 28, 29 | Permalink
Posted by melinamurray
