Information Security 101 - back to basics
Introduction, scope and purpose of this module
As soon as a new worker arrives, they start absorbing and being assimilated into the corporate culture – ‘the way we do things here’. Sensible organizations run orientation sessions to welcome newcomers and kick-start the cultural integration.
Information Security 101 covers common information risks (e.g. malware) and information security controls (e.g. antivirus). The materials are deliberately succinct, outlining key aspects without delving into the details. We’re not trying to tell newcomers everything about information risk and security all at once but to set them off on the right foot, engaging them as integral and valuable parts of the organization’s Information Security Management System. It’s a gentle introduction, a splash in the paddling pool, not a high dive at the deep end!
First impressions matter, so the module helps Information Security, HR or training professionals deliver interesting and engaging awareness sessions accompanied by impressive, top-quality supporting materials. Establishing personal contacts throughout the organization gradually expands the Information Security team across the enterprise - more ‘eyes and ears’ out there. This alone would be well worth the investment!
As well as orientation, Information Security 101 also facilitates the launch or relaunch of an awareness and training program in support of ISO/IEC 27001, GDPR, PCI-DSS and other compliance obligations. It introduces the program, quickly bringing everybody up to the same foundation level of awareness and understanding.
Either way, the module is intended to lead in to an ongoing or continuous security awareness and training approach: it is unlikely to be sufficient by itself. Naturally, we recommend the monthly NoticeBored subscription service for that but of course it’s up to you. See how it goes with InfoSec101 first. Is it valuable, worth more than it costs?
The ‘Keep calm’ poster design is more than just eye-candy. That’s an important awareness message to put across: people need straightforward instruction on what to do if there’s some sort of incident at work, ranging from ‘where are the fire exits?’ to ‘what do I do if I receive spam or scams by email?’. There are another 5 poster designs in the module too, provided as high-resolution JPGs for you to print or incorporate into other media.
The seminar slides, leaflets, model policies and other materials advise workers to check out the Security Zone, an area on the corporate intranet managed by Information Security with all manner of awareness and training materials such as your policies and procedures. Along with the Help Desk, the Security Zone is a focal point for anyone seeking additional information and advice. A generic specification for the Security Zone is provided in the module to help you set one up from scratch or review and perhaps redesign your existing site.
Information Security 101 is designed to:
Deliver a grounding in the fundamentals of information risk and security through general background and core concepts (e.g. a hyperlinked glossary explaining common terms - a simplified 10-page extract from our full 300+ page glossary);
Introduce workers to the security awareness and training program, and the Information Security function (putting faces-to-names);
Give a heads-up on the corporate security policies and procedures, the rules of the game;
Support and foster the corporate security culture, growing social links through the organization with substantial long-term benefits;
Encourage workers to think and motivate them to behave more securely - do the right thing as well as do things right;
Direct workers to sources of further information, advice and guidance as required.
What’s actually in the NoticeBored module?
Information Security 101 is delivered as a .ZIP file containing all the following materials:
What on Earth would we do with all that?
Information Security 101 is a bumper pack of goodies, a smorgasbord. You’re meant to dip in, not guzzle the whole thing!
There is a broad range of materials here to cater for any organization, from micro-businesses up to global multinationals, in any industry ... but since everyone differs, the awareness and training materials need to be selected and adapted to reflect the local situation. The train-the-trainer guide is a good place to start with a stack of creative tips for security awareness and training activities or approaches, drawing on our decades in the field. For example, we provide an innovative menu of gold, silver and bronze-level rewards encouraging workers who actively engage in the program.
The content is professionally designed, written and polished to a high standard - literally camera ready.
However, we provide unlocked customer-editable materials so you can brand, customize and adapt the materials to suit your purposes.
We recommend skimming right through the materials first, thinking about the content and how to use it. Some items may be of little interest to you right now while others will be ideal, right on the button. Some will be things you hadn’t thought of doing before, or maybe never had the time and energy to prepare suitable materials. Now, there’s no excuse!
It does need to be checked though, and we recommend liaising with HR, Compliance, IT and other functions to make sure it supports and doesn’t conflict with anything.
How to purchase
Visit our eShop to purchase InfoSec 101 online for just US
or subscribe to the NoticeBored security awareness service to receive it for nothing!
Nurturing the corporate security culture through awareness
A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information.
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic, governance, compliance and business aspects, particularly in the management stream of course but the principles underpin the general staff and professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons - not just for compliance or because we say so.
* Plus GST for Kiwi customers