Whereas usually our awareness and training modules focus in some depth on one of the 70 information security topics in our portfolio, Information Security 101 is a broad but shallow module. It is designed to bring workers quickly up to speed on the basics of information risk and security during security induction courses, for periodic refresher training, or when launching an awareness program.
As soon as a new worker arrives, they start absorbing and being assimilated into the corporate culture, picking up ‘the way we do things here’. Sensible organizations run orientation sessions to welcome newcomers and kick-start the cultural integration.
InfoSec 101 covers common information risks (e.g. malware) and information security controls (e.g. antivirus). The materials are deliberately succinct, outlining key aspects without delving into the details. We’re not trying to tell workers everything about information risk and security all at once but to set them off on the right foot, engaging them as integral and valuable parts of the organisation’s Information Security Management System. It’s a gentle introduction, more splash in the paddling pool than high dive at the deep end!First impressions matter, so the module helps Information Security, HR or training professionals deliver interesting and engaging awareness sessions accompanied by impressive, top-quality supporting materials. Establishing personal contacts throughout the organization gradually expands the Information Security team across the enterprise - more ‘eyes and ears’ out there. This alone would be well worth the investment!
As well as induction or orientation purposes, InfoSec 101 also facilitates the launch or relaunch of an awareness and training program in support of relevant laws and regulations (GDPR for instance), ISO/IEC 27001, PCI-DSS and other compliance obligations. It introduces the program, quickly bringing everybody up to the same foundation level of awareness and understanding.
Either way, the module is intended to lead-in to an ongoing or continuous security awareness and training approach: it is unlikely to be sufficient by itself.
The seminar slides, leaflets, model policies and other materials advise workers to check out the Security Zone, an area on the corporate intranet managed by Information Security with all manner of awareness and training materials such as your policies and procedures. Along with the Help Desk, the Security Zone is a focal point for anyone seeking additional information and advice. A generic functional specification for the Security Zone is provided in the module to help you set one up from scratch or review and perhaps redesign your existing site.
No comments:
Post a Comment
The floor is yours ...