Information Security 101 - back to basics
 Introduction, scope and purpose of this module
InfoSec 101 is a broad but relatively shallow awareness module. It is intended to
bring workers quickly up to speed on the basics of information security - just the essentials. The module contains a comprehensive suite of awareness and training
materials covering the information security controls that pretty much everyone ought to be using.
Rather than attempting to cover all of information security in one go, we’re setting
workers off on the right foot. In time they will be assimilated into the organisation’s security culture. InfoSec 101 covers common information risks (e.g. malware) and
information security controls (e.g. antivirus). The materials are deliberately succinct, outlining key aspects without delving into the details.
InfoSec 101 is primarily designed for new worker orientation or induction training -
ideally interactive sessions facilitated by a presenter who knows information security quite well but the content is sufficient to brief any presenter (e.g. a trainer
from HR). You might post the content on your intranet Security Zone (more below) or import it into a Learning Management System for self-paced learning .
First impressions matter, so the module helps Information Security, HR or training professionals deliver interesting and engaging awareness sessions accompanied by
impressive, top-quality supporting materials. Establishing personal contacts throughout the organization gradually expands the Information Security team across
the enterprise, meaning more ‘eyes and ears’ out there. This benefit alone is well worth the investment but there’s more.
For newly-promoted managers, the management stream includes appropriately-styled content covering the fundamentals of governance, risk management and
compliance - important concepts with which they may not have much prior experience.
As well as induction or orientation purposes, use InfoSec 101 to launch or re-launch an awareness and training program in support of relevant laws and
regulations (GDPR for instance), ISO/IEC 27001, PCI-DSS and other compliance obligations. It introduces the program, quickly bringing everybody up to
the same foundation level of awareness and understanding.
InfoSec 101 also supports refresher training to get workers back on track with information security if, for whatever reason, they have fallen behind and
need reminding of the basics. Manual workers, for instance, may have little interest in the regular security awareness and training activities throughout
the year, whereas a short, focused, annual update might be worth their time and fulfil the organization's compliance obligations.
The seminar slides, leaflets, model policies and other materials advise workers to check out the Security Zone, an area on the corporate intranet managed
by Information Security with all manner of awareness and training materials such as your policies and procedures. Along with the Help Desk, the Security Zone is a focal point for anyone seeking additional information and advice. A generic functional specification for the Security Zone is provided in the
module to help you set one up from scratch or review and perhaps redesign your existing site.
Finally, this module supports the launch or re-launch of a security awareness and training program, enabling you to get the entire workforce quickly up to
speed with the foundations on which the program will build in successive periods.
Learning objectives
InfoSec 101 is designed to:
-
Deliver a grounding in the fundamentals of information risk and security through general background and core concepts (e.g. a hyperlinked
glossary explaining common terms - a simplified 10-page extract plus the full 300+ page glossary);
-
Introduce workers to the security awareness and training program, and the Information Security function (putting faces-to-names);
-
Give a heads-up on the corporate security policies and procedures, the rules of the game;
-
Support and foster the corporate security culture, growing social links through the organization with substantial long-term benefits;
-
Encourage workers to think and motivate them to behave more securely - do the right thing as well as do things right;
-
Direct workers to sources of further information, advice and guidance as required.
What’s actually in the module?
InfoSec 101 is delivered as a .ZIP file containing all the following materials - some 55 files totalling 73 Mb compressed:
What on Earth would we do with all that?
 InfoSec 101 is a bumper pack of goodies, a
smorgasbord. You’re meant to dip in, not guzzle the whole thing!
There is a broad range of materials here to cater for any organization, from micro-businesses up to global multinationals, in any industry ... but since everyone
differs, the awareness and training materials need to be selected and adapted to reflect the local situation. The train-the-trainer guide is a good place to start
with a stack of creative tips for security awareness and training activities or approaches, drawing on our decades in the field.
The content is professionally designed, written and polished to a high standard - literally camera ready. However, we provide unlocked customer-editable
materials so you can brand, customize and adapt the materials to suit your purposes.
We recommend skimming right through the materials first, thinking about the content and how to use it. Some items may be of little interest to you right
now while others will be ideal, right on the button. Some will be things you hadn’t thought of doing before, or maybe never had the time and energy to
prepare suitable materials. Now, there’s no excuse!
It does need to be checked though, and we recommend liaising with HR, Compliance, IT and other functions to make sure it supports and doesn’t conflict with anything.
 How to purchase
Visit our eShop SecAware.com to purchase and download the module instantly
|
