July’s awareness topic is workplace information security
Introduction and scope
July’s NoticeBored module evolved substantially from one delivered way, way back in 2012.
In accordance with the ISO27k standards, the "office security" awareness module of 2012 mostly covered the physical aspects of information security for traditional offices.
This time around, we are focused on exploiting and protecting valuable information in a much broader range of working situations - not just traditional offices but workers in many other locations using a far greater variety of ways of working.
Where and how we work today is clearly varied hence the information risks and controls are equally varied, but there’s a unifying theme: the security awareness module concerns information risks in the work context.
The new NoticeBored workplace information security awareness module is intended to:
Introduce the topic, providing general context and background information (see above!);
Expand on the associated information risks and controls, particularly physical controls, to secure various ICT systems, data storage media and network/communications facilities, plus non-IT information assets e.g. papers and knowledge … which brings in health and safety for workers (no, we’re not offering a health and safety awareness service but it’s a peripheral issue worth a brief mention);
Stimulate workers (staff, managers and professionals) to behave securely e.g. noticing, challenging and/or reporting unaccompanied visitors, logging-off or screen-locking systems and clearing desks before wandering off, being discreet when working in public spaces, taking care over wireless networking, and being extra cautious in hostile environments and challenging situations.
Inside the NoticeBored module
July’s module is supplied to subscribers as an 85 Mb ZIP file containing all the following customer-editable security awareness materials:
General awareness content concerning information security in the workplace.
The material in this stream is relatively simple and non-technical, designed to appeal to, inform and motivate everyone.
It includes ‘train the trainer’ guidance for those running the security awareness program.
The management stream takes a more strategic perspective. The seminar helps managers appreciate and tackle the information risks in their typical workplaces.
The model policies enable management to set the rules for workplace information security.
The metrics help them measure and manage workplace information security rationally.
Content for professionals and specialists is more technical in nature for those who need to implement the controls.
Explore the thinking that went into creating these awareness materials, and tag along as we develop next month’s module, on the NoticeBored blog.
Nurturing the corporate security culture through awareness
A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information.
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic, governance, compliance and business aspects, particularly in the management stream of course but the principles underpin the general staff and professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons.