December’s security awareness topic is oversight

Outline and scope

In the most general sense, very few activities would benefit from not being overseen in some fashion, either by the people and machines performing them or by third parties.

To a large extent, management is the practical application of oversight.  It’s also fundamental to governance, compliance and many controls, including most of those in information risk and security. 

Imagine, if you can, a world without any form of oversight where:

  • People and organizations were free to do exactly as they wish without fear of anyone spotting and reacting to their activities;
  • Machines operated totally autonomously, with nobody monitoring or controlling them;
  • Organizations, groups and individuals acted with impunity, doing whatever they felt like without any guidance, direction or limits, nobody checking up on them or telling them what to do or not to do;
  • Compliance was optional at best, and governance was conspicuously absent. 

Such a world may be utopia for anarchists, egocentrics and despots, but it is a nightmare scenario for information risk and security professionals, and for any civilized society!

Learning objectives

December’s security awareness and training materials:

  • Introduce oversight, providing general context and background information;
  • Inform workers generally about oversight in the sense of both neglectful omission and supervision, in the context of information risk and security;
  • Describe and discuss the managerial, procedural and technical risks, issues, controls and approaches associated with security oversight (e.g. management reviews and audits);
  • Share good practices for oversight and supervision from fields such as financial management, health and safety, and corporate governance, applying them to information risk and security;
  • Help everyone understand and appreciate the purpose and value of ‘checks and balances’, both for the organization as a whole and for those being overseen (e.g. spotting and resolving simple errors early, before they cause downstream impacts).

What about your learning objectives for this topic: what makes oversight, governance, compliance, monitoring and so forth particularly pertinent to your organization? 

Contents listing

Contents this month

Get this module

Subscribe to the NoticeBored service to receive this module, plus similar batches of security awareness and training materials delivered fresh to your organization every month.  We offer a wealth of top-quality creative content on a market-leading range of information risk and security topics making it easy and economic for you to run a world-class security awareness and training program.

Email us to set the ball rolling.  Find out what it takes to get your security awareness and training program quickly up to speed, for a lot less than you might think.  We’re a small company with a big reputation for quality and innovation.

If you only want this module, then yes we can do that too.

What’s next?

Tag along with us on NBlog as we work on the next awareness topic.  In addition to clues about what’s coming up, we share hints and tips on making security awareness more effective.

Copyright © 2018 IsecT Ltd.