When someone initially joins an organization, they immediately start absorbing the corporate culture – ‘the way we do things here’ – gradually becoming a part of it. Most organizations run security orientation or induction sessions to welcome newcomers and kick-start the cultural integration process, with individual sessions lasting between a few minutes and a few hours depending on the topics to be covered, local practice, and of course the audience (e.g. there may be a quick-start process for managers, and more in-depth training for technical specialists).
Let's be honest: orientation tends to be as dull as a lecture on the dangers of teenage pregnancy. It's trial-by-fire, something to be endured rather than enjoyed.
The new NoticeBored Information Security 101 module covers common information risks (e.g. malware) and controls that are more-or-less universal (e.g. antivirus). The awareness materials are deliberately succinct and quite superficial: they outline key things without delving into the details.
Given the context of a continuous NoticeBored-style security awareness program delivering a stream of fresh materials, there's no need to cover everything about information risk and security in one hit. The pressure's off. Relax! All we really need to do in the induction session is help newcomers set off on the right foot, engaging them as integral and valuable parts of the organization’s Information Security Management System.
That leaves room to focus on an even more important objective, one that we will expand upon in next month’s module. Building relationships between Information Security professionals and business people in general makes a huge difference to the corporate security culture. Think about it: would you rather pick up the phone to the friendly professional who took time to meet you when you joined the organization, or a total stranger?
First impressions count, so the module is designed to help Information Security deliver engaging and interesting induction sessions accompanied by impressive supporting materials.
As well as orientation, Information Security 101 also facilitates the initial launch or relaunch of an awareness program (perhaps in support of an ISO/IEC 27001 Information Security Management System, for PCI-DSS, or for other compliance reasons). It introduces the new program, quickly bringing everybody up to the same foundation level of awareness and understanding. We're literally getting them on the same page in the sense of introducing and explaining the corporate information security policy.
The InfoSec 101 module costs just US$645 (plus GST for Kiwis) ... or free as part of a regular NoticeBored subscription. Email me!