November’s security awareness topic is cloud computing
Outline and scope
Cloud computing is a strong and still growing part of the IT industry. It’s a hit!
However, the relative novelty of cloud computing puts inexperienced managers, staff and professionals at a disadvantage: lacking appreciation of the technology and the
commercial/business context, the information risks and especially the security and other cloud-related controls aren’t exactly obvious. Information security (in the broadest sense –
not just IT or cybersecurity) is a major concern with cloud computing, a source of aggravation and costs for the unaware.
Simply put, securing the anticipated business benefits of cloud computing involves addressing
the information risks that are associated with it. If the risks are simply ignored, the benefits may be reduced or destroyed by costly security incidents.
November’s security awareness module is intended to:
Introduce and outline cloud computing, providing general context and background information (e.g. explaining why so many organizations are eagerly adopting it) with
as little techno-babble as we can get away with;
Inform workers about the information risk and security issues and concerns relating to or arising from cloud computing (e.g. the organization’s partial loss of control over
its information), plus the business benefits (e.g. reduced costs, greater resilience and flexibility, plus access to cloud specialists). We’re promoting a balanced view;
Encourage those considering, specifying, evaluating, contracting for, using or managing cloud computing to identify, analyze and address the information risks,
typically through appropriate controls that secure the business benefits as much as the data;
Promote information risk and security management as a business enabler, without which cloud computing would be unacceptably risky.
Review your organization’s use of cloud computing - the apps, dependent business processes, strategies, policies and incidents. Are there any cloud
-related risks on the corporate radar? How well are they understood and treated? What’s missing? What stands out? Talk to the relevant experts about
it. Flush any issues and ideas into the open, incorporating them where appropriate into your awareness delivery.
Get this module
Subscribe to the NoticeBored service to receive this module, plus similar batches of security awareness and training materials delivered fresh to your
organization every month. We offer a wealth of top-quality creative content on a market-leading range of information risk and security topics making it
easy and economic for you to run a world-class security awareness and training program.
Email us to set the ball rolling. Find out what it takes to get your security awareness and training program quickly up to speed, for a lot less than you
might think. We’re a small company with a big reputation for quality and innovation.
If you ONLY want this module, we can do that too.
Tag along with us on NBlog as we work on the next awareness topic. In addition to clues about what’s coming up, we share hints and tips on making security awareness more effective.