December’s security awareness topic is oversight
Outline and scope
In the most general sense, very few activities would benefit from not being overseen in some fashion, either by the people and machines performing them or by third parties.
To a large extent, management is the practical application of oversight. It’s also fundamental to governance, compliance and many controls, including most of those in information risk and security.
Imagine, if you can, a world without any form of oversight, where:
People and organizations were free to do exactly as they wish without fear of anyone spotting and reacting to their activities;
Machines operated totally autonomously, with nobody monitoring or controlling them;
Organizations, groups and individuals acted with impunity, doing whatever they felt like without any guidance, direction or limits, nobody checking up on them or telling them what to do or not to do;
Compliance was optional at best, and governance was conspicuously absent.
Such a world may be utopia for anarchists, egocentrics and despots but a nightmare scenario for information risk and security professionals, and for any civilized society!
December’s security awareness and training materials:
Introduce oversight, providing general context and background information;
Inform workers generally about oversight in the sense of both neglectful omission and supervision, in the context of information risk and security;
Describe and discuss the managerial, procedural and technical risks, issues, controls and approaches associated with security oversight (e.g. management reviews and audits);
Share good practices for oversight and supervision from fields such as financial management, health and safety, and corporate governance, applying them to information risk and security;
Help everyone understand and appreciate the purpose and value of ‘checks and balances’, both for the organization as a whole and for those being overseen (e.g. spotting and resolving simple errors early, before they cause downstream impacts).
What about your learning objectives for this topic: what makes oversight, governance, compliance, monitoring and so forth particularly pertinent to your organization?
Get this module
Subscribe to the NoticeBored service to receive this module, plus similar batches of security awareness and training materials delivered fresh to your organization every month. We offer a wealth of top-quality creative content on a market-leading range of information risk and security topics making it easy and economic for you to run a world-class security awareness and training program.
Email us to set the ball rolling. Find out what it takes to get your security awareness and training program quickly up to speed, for a lot less than you might think. We’re a small company with a big reputation for quality and innovation.
If you only want this module, then yes we can do that too.
Tag along with us on NBlog as we work on the next awareness topic. In addition to clues about what’s coming up, we share hints and tips on making security awareness more effective.