Information Security 101 - back to basics
Introduction and scope of the module
When a new worker initially joins an organization, they immediately start absorbing the
corporate culture – ‘the way we do things here’. Most organizations run orientation sessions to welcome newcomers and kick-start the absorption and alignment process, with
individual sessions lasting between 5 minutes and a few hours depending on the topics to be covered, local practice, and of course the audience (e.g. there may be a quick-start
process for managers, and more in-depth training for technical specialists).
Information Security 101 covers common information risks (e.g. malware) and controls that are more-or-less universal (e.g. antivirus). The awareness materials are deliberately
succinct and quite superficial: they outline key things without delving into the details. We’re not trying to tell newcomers everything about information risk and security but
to set them off on the right foot, engaging them as integral and valuable parts of the organization’s Information Security Management System.
First impressions matter, so the module helps Information Security professionals deliver
engaging awareness sessions accompanied by impressive supporting materials.
Establishing personal contacts throughout the organization is an important objective - one that we will expand upon in next month’s module on the corporate security culture.
As well as orientation, Information Security 101 also facilitates the initial launch or relaunch of an awareness program (perhaps in support of ISO/IEC 27001, GDPR, PCI-DSS or some other compliance obligation). It introduces the program, quickly bringing everybody
up to the same foundation level of awareness and understanding.
Either way, the module is intended to lead in to an ongoing or continuous security awareness approach: it is unlikely to be sufficient by itself. Naturally, we recommend the
monthly NoticeBored subscription service for that!
The ‘Keep calm’ poster image is more than just eye-candy. That’s an important awareness
message to put across: people need straightforward instruction on what to do if there’s some sort of incident at work, ranging from ‘where are the fire exits?’ to ‘what do I do if I
receive spam or scams by email?’. There are another 5 high-resolution poster designs in the module too.
The seminar slides, leaflets, model policies and other materials advise workers to check out the Security Zone, an area on the corporate intranet managed
by Information Security. We envisage a professionally designed and maintained area with all manner of awareness materials, including the information
security policies and procedures. Along with the Help Desk, we view the Security Zone as a focal point for anyone seeking additional information. A generic specification for the Security Zone is provided to help customers set one up from scratch or redesign theirs.
Information Security 101 is designed to:
Deliver a grounding in the fundamentals of information risk and security through general background and core concepts (e.g. a hyperlinked glossary explaining common terms - a simplified 10-page extract from the full 300-page version delivered with other modules);
Encourage workers to think and, most of all, motivate them to behave more securely, acting in the organization’s best interests (our aim is not just to inform, but to motivate, guide and encourage people to do the right thing);
Introduce workers to the security awareness program and the Information Security function (putting faces to names);
Support and foster the corporate security culture (lots more to come on that score next month!);
Encourage people to seek further information and advice when they need it (e.g. from the Security Zone and Help Desk).
What’s actually in the NoticeBored module?
Information Security 101 is delivered as an 80 Mb .ZIP file containing all the following materials, some 60 files in total:
What on Earth would we do with all that?
Information Security 101 is a bumper pack of goodies,
a smorgasbord. You’re meant to dip in, not guzzle the whole thing!
There is a broad range of materials here to cater for any organization, from micro-businesses up to global multinationals, in any industry ... but since everyone
differs, the awareness materials need to be selected and adapted to reflect the local situation. That’s why there’s a train-the-trainer guide
in every module, including this one.
For Information Security 101, the 18-page train-the-trainer guide is longer than in other modules, gently supporting customers taking their first tentative steps
into security awareness. It describes every item in the module, offering pragmatic advice on how they might be used.
As with the monthly NoticeBored awareness modules, we advise customers to skim through the materials first, thinking about the content and how to use
it. Some items may be of little value to you (at least not right now) and that’s fine. Others will be ideal, right on the button. Some will be things you
hadn’t thought of doing before, or maybe never had the time and energy to prepare suitable materials. Now, there’s no excuse!
The NoticeBored content is professionally designed, written and polished to a high standard - literally camera ready if you don’t feel the need to
customize or adapt it. It does need to be checked through, and we recommend liaising with HR, Compliance, IT and other functions to make sure it supports and doesn’t conflict with anything.
The train-the-trainer guide offers pages of creative tips for security awareness activities and approaches, drawing on our decades in the field, plus an
innovative menu suggesting gold, silver and bronze-level rewards to reinforce the awareness program by encouraging and thanking workers who get actively involved.
Whereas it is included in the regular NoticeBored subscription service for free,
get in touch to buy the InfoSec 101 module on its own for a special price: just
Nurturing the corporate security culture through awareness
A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information.
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic, governance, compliance and business aspects, particularly in the management stream of course, but the principles underpin the general staff and
professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons - not just for compliance or because we say so.
* Plus GST for Kiwi customers