Security awareness training

Common topics for awareness sessions are:

• Authentication
• Network connection
• Access to the device
• Physical security
• Data encryption
• Backup
• Software installation and patching
• Basic security “hygiene”

These articles will provide you a further explanation about awareness:

• 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
• How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/

This material will also help you regarding awareness:

• Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.

These videos cover most of the topics that are listed in your question.

Hi,

Can your Awareness training cover some of your controls without need to further document. Say for instance i have a slideshow presentation and it covers media handling. It is ok to say that the control is selcetd in the SoA and reference out to the training document?

Thank you,

John

Yes, you do not need to document each and every control - in such cases, you will use awareness sessions and trainings to explain to your employees how particular security activities need to be done.

In the SoA you cannot simply refer to the Training Plan - you need to explain in a sentence or two how the control is implemented - e.g. "The data recorded on media must be encrypted."

Please note that some controls, when identified as applicable, require documentation (e.g., control A.9.1.1 - Access Control Policy).