July’s security awareness topic: security frameworks
Outline and scope
The NoticeBored module for July concerns conceptual or architectural frameworks, standards, methods and good practices in the area of information risk and security – ‘security frameworks’ or ‘frameworks’ for short.
Both the organization and individual workers are obliged to comply with various rules concerning information security. Some rules are imposed on us by external authorities in the form of laws and regulations; others we impose on ourselves through corporate policies and procedures, contracts etc. There are numerous laws and regulations relating to information security, far too many for us to cover in detail. We can only talk in general terms.
We face a similar practical constraint with corporate security policies, procedures etc.: we are not familiar with your policies, or with your current internal compliance challenges. However, the classic pyramid structure for policies and procedures is common enough to serve as a framework we can discuss.
July’s module is intended to:
Introduce the topic, explaining what security frameworks are and why they are both relevant and valuable to the organization;
Outline legal and regulatory compliance obligations relevant to information security;
Outline a variety of public security frameworks such as the ISO27k and NIST SP800 series standards, ITIL, OWASP, CSA, CSF and others;
Promote the adoption of good security practices from a variety of sources;
Promote the use of structured and systematic methods and approaches to information risk and security management, secure systems development, business process engineering etc. in general, blending corporate with public frameworks where appropriate;
Stimulate people to think - and most of all act - more securely.
Consider your learning objectives in relation to this topic. In your organizational context and business situation, how is your approach to information security best structured?
Contents listing of the module
We have also checked and updated the full suite of 71 security policy templates this month:
Get this module
Subscribe to the NoticeBored service to receive the new module, plus further batches of fresh awareness goodies every month. We offer a wealth of creative materials on a market-leading range of topics making it easy and economic for you to run a world-class security awareness and training program.
Email us to set the ball rolling. Find out exactly what is provided in the latest pack, and speak to us about getting your security awareness and training program quickly up to speed, for a lot less than you might think. We’re a small company with a big reputation for quality and innovation. You can be assured of that.
If you only want the policies, they are available separately.
Follow along as we work on the next topic on NBlog. You’ll find hints and tips too on making security awareness more effective.