Expert Advice Community

Security awareness training

Guest
Guest user | Created: Feb 11, 2020 | Last commented: Apr 08, 2020

Do you have any hints on what points should be taught to users in an awareness session?

Expert
Rhand Leal Feb 11, 2020

Common topics for awareness sessions are:

  • Authentication
  • Network connection
  • Access to the device
  • Physical security
  • Data encryption
  • Backup
  • Software installation and patching
  • Basic security “hygiene”

These articles will provide you with further explanation about awareness:

This material will also help you regarding awareness:

These videos cover most of the topics that are listed in your question.

Guest
John O'Doneely Apr 06, 2020

Hi,

Can your awareness training cover some of your controls without the need to document them further? Say, for instance, I have a slideshow presentation and it covers media handling. Is it OK to say that the control is selected in the SoA and reference out to the training document?


Thank you,

John

Expert
Rhand Leal Apr 08, 2020

Yes, you do not need to document each and every control - in such cases, you will use awareness sessions and trainings to explain to your employees how particular security activities need to be done.

In the SoA you cannot simply refer to the Training Plan - you need to explain in a sentence or two how the control is implemented - e.g. "The data recorded on media must be encrypted."


Please note that some controls, when identified as applicable, require documentation (e.g., control A.9.1.1 - Access Control Policy).
