Expert Advice Community

Recommendations on Security Awareness and Training

Guest user, created: Aug 20, 2021 (last commented: Aug 20, 2021)

Could you ask one of your ISO 27001 experts for their recommendations on Security Awareness and Training?

1 - How do I get this going in my company?

2 - What will the auditor be looking for in this requirement?


Expert
Rhand Leal Aug 20, 2021

1 - How do I get this going in my company?

The first thing you need to do is identify which gaps of incompetence you have (i.e., which knowledge or skills your employees need to have). Some examples are:

  • Use of passwords
  • Backup operation
  • Software installation and patching
  • Performing of internal audit

Second, you need to define the method to be applied: training sessions, workshops, newsletters? What will work best for your company? At what frequency should they be performed (e.g., weekly, monthly, annually)?

After that, you need to evaluate whether these gaps can be fulfilled by internal personnel, or whether you will need external support.

Once you have these answers, you can start defining your training and awareness plan.

These articles will provide you with a further explanation about awareness:

This material will also help you regarding awareness:

2 - What will the auditor be looking for in this requirement?

For clause 7.2 (competence), the auditor will be looking for evidence that you have:

  • determined which security competencies are necessary
  • identified gaps in knowledge, skills, and/or experience in information security related to activities that employees need to perform (e.g., secure development skills for the development team)
  • performed actions to fulfill those gaps (e.g., by means of training attendance lists, certificates, etc.) and verified that those actions were effective.

For further information, see:
