Information Security Awareness Training

Consider the following components when conducting Information Security Awareness Training.

Audience Identification of Information Security Awareness Training

Consider these audiences:

  • The entire company/all employees
  • The entire company leadership team/all managers and supervisors
  • The entire company technical team/all IT technical personnel
  • The entire company administrative team/all administrative and clerical personnel

Personal Computer Wisdom

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand their individual responsibility
  • to understand copyright laws
  • to understand the risk with "shareware" and "freeware"
  • to understand the importance of making regular backups
  • to understand proper media handling
  • to understand the risk with foreign media
  • to understand the ramifications of viruses and how to protect against them
  • to understand the policy governing non-business use
  • to understand the importance of good housekeeping in the work environment
  • to understand the consequences of failing to log off
  • tips regarding physical protection of laptops

Managers’ Responsibilities

Audience: The entire company leadership team

Needs/Concerns:

  • to understand corporate policy - company and customer
  • to understand their individual responsibility/liability
  • to understand their responsibility for the protection and integrity of assets under their control
  • to understand their responsibility to promote Information Security Awareness
  • obligation to see that unauthorized access violation reports are reviewed and resolved
  • obligation to investigate and correct known exposures
  • responsibility to ensure that information security personnel are informed of all personnel transfers and terminations
  • responsibility to ensure that material is disposed of properly
  • responsibility to incorporate the segregation of duties concept where it makes good business sense
  • responsibility to ensure that the overall work environment is secure, and that information is protected during all phases of testing, and that the test and production environments are kept separate
  • perform periodic random reviews of employee activities and datasets to act as a deterrent against non-business use of company resources
  • responsibility for compliance with all corporate policy, especially Information Security and Business Continuity
  • responsibility to ensure each user's access is limited to the minimum transaction and command sets necessary to accomplish assigned tasks

Employee Responsibilities

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand their individual responsibility
  • to realize their ethical responsibility
  • to educate them about corporate and local policies
  • to make them aware of proper material disposal methods
  • to make them aware of their responsibility for the protection and integrity of assets under their control
  • to apprise them of good password habits
  • responsibility to ensure their individual work areas are secure
  • responsibility for their own individual business continuity compliance
  • responsibility for physical security
  • ethics as it pertains to knowledge of customer plans and information
  • to understand the importance of good housekeeping in the work environment

Contingency Management Issues

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand individual responsibility
  • to understand customer service level requirements
  • to understand proper mitigation/prevention procedures
  • to understand proper backup, offsite storage, and recovery procedures
  • to understand the need for an alternate processing strategy
  • to understand the need for a network recovery strategy
  • to understand the need to document disaster recovery plans
  • to understand the need to assist in development of a customer reaction plan
  • to understand the need to do disaster recovery plan testing
  • to understand the benefit of continuous improvement of plans

Crisis Management Issues

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand their individual responsibility
  • to understand the need for evacuation, severe weather, and bomb threat plans
  • to understand what to do; where to go; who to contact

Information Retention, Disposal, and Handling Issues

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand their individual responsibility
  • to understand the need to identify sensitive information
  • to understand the need to classify sensitive information
  • to provide advice concerning printing of sensitive information
  • to provide advice concerning faxing of sensitive information
  • to understand concerns with voice transmissions and cellular phones
  • to understand proper distribution techniques regarding sensitive information
  • to provide advice concerning the reproduction of sensitive information
  • to provide advice on proper disposal techniques for sensitive information

Telecommunication Issues

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand their individual responsibility
  • to understand disaster recovery concerns regarding networks and PBXs
  • to understand concerns with modems
  • to understand need for encryption
  • to apprise of latest PBX toll fraud schemes
  • to understand concerns with cellular phones and voice mail
  • to understand travel call card concerns
  • to understand voice mail concerns and protection mechanisms

Local Area/Wide Area Network Issues

Audience: The entire company

Needs/Concerns:

  • to understand corporate policy
  • to understand individual responsibility
  • to understand virus concerns
  • to understand backup and recovery concerns
  • advice on theft prevention
  • to understand copyright and licensing concerns
  • to understand concerns with downloading of sensitive data
  • to inform of policies governing password standards
  • to inform of good housekeeping practices
  • to inform of local policy and procedures
  • to advise of client/server risks
  • to apprise of dial-up access concerns and concern with modems

Media Identification

  • Newsletter
  • Bulletin boards
  • Desktops
  • Memorandums
  • Classes
  • Email
  • Voice mail

Communication Opportunities

Communication opportunities to reach the appropriate audience may include, but are not limited to the following:

  • Leadership meetings
  • Team meetings
  • Planned series of desired messages using an available media type from above.

Support Definition

Materials that may be available from outside companies, or may need to be internally generated:

  • Newsletter
  • Brochures
  • Standardized presentations
  • Videos
  • Posters
  • Security bulletin board
  • Security guidelines
  • Supporting publications
  • Courses

Measurement/Evaluation

To measure and evaluate the effectiveness of our awareness program, we will do the following:

  • The main method we will use to measure the success of our program is the mini-audit: five to ten observable items, checked before and after each main message of our program, to determine whether there has been any behavior change as a result of our Information Security Awareness Training program.
  • Track the number of audit comments related to the issues covered by our awareness program to determine if there was a decrease.
  • Track the number of viruses encountered to determine if there was a decrease.
  • Conduct surveys regarding the effectiveness of our awareness program.
  • Request feedback regarding our awareness program for continuous improvement.

Program Construction for Information Security Awareness Training

Program Schedule

The Master schedule/calendar of Information Security Awareness materials development, materials acquisition, and materials and message distribution.

Materials

Develop or obtain the necessary materials from an outside resource.

Communications Development

Develop communications for needs that are unique to the local organization to supplement the overall program.

Implementation

Implement the Information Security Awareness Training Program according to the schedule developed in Program Construction Section I Program Schedule. Be flexible and adjust the schedule to the immediate needs that may occur within the organization. Promote Information Security Awareness at events and opportunities as they become available.

Review/Revise Program

I. Effectiveness Measurement

Measure the effectiveness of the Information Security Awareness Training Program utilizing the activities designed in Program Design Part VI Measurement/Evaluation.

II. Feedback Review

Analyze the feedback from the measurements/evaluations and incorporate the analysis into future planning for the Information Security Awareness Training Program.

III. Revision Strategy

Review and revise materials periodically to keep them current. It is recommended this be done by building the review process into the continuing master calendar/schedule planning process.

IV. Continuous Improvement

Information Security Awareness Training is a perpetual process; it is not a "quick fix". As the Program unfolds and feedback is received, begin performance planning for the ongoing Program. Information Security related behaviors and knowledge can always be improved.

Quality Assurance Solutions
Robert Broughton
(805) 419-3344
USA