The NoticeBored security awareness module for July concerns conceptual or architectural frameworks, standards, methods and good practices in the area of information risk and security – ‘security frameworks’ or ‘frameworks’ for short.
Both the organization and individual workers are obliged to comply with various rules concerning information security. Some rules are imposed on us by external authorities in the form of laws and regulations, others we impose on ourselves through corporate policies and procedures, contracts etc.
There are numerous laws and regulations relating to information security, far too many for us to cover in detail. We can only talk in general terms.
We face a similar practical constraint with corporate security policies, procedures etc.: we are not familiar with NoticeBored subscribers' policies, nor with their current internal compliance challenges. But the ‘policy pyramid’ is a near universal structure or framework, so the generalities apply again ... and for good measure we're supplying an updated suite of 71 security policy templates along with July's awareness content (the policies are sold separately too).
The module provides a sound platform or starting point to raise awareness of good security practices, frameworks and structured approaches.
Next month we’ll move on to cover insider threats - threats originating within the organization from its employees, contractors, consultants, temps, interns and more. August’s module will be simpler and more practical, less conceptual than July’s.