Proud Partners of
You've developed the best policies, plans and procedures for your organisation and you've put them on the intranet for all to see - so why do your staff continue to fail you and ignore them?
Communication strategies need to be developed beyond simple publication in order for the messages to be consistent and effective. An ITSEC Training Services awareness strategy will cover multiple communication mediums to reinforce these important messages.
Its frustrating to see personnel continually threatening the secuirity of your operation by their apparant ignorance. It's not easy to develop a "Security Culture" and it takes time to nurture and develop one depending on where you're starting from.
ITSEC Training Services will work with you to develop a tailored awareness strategy to include a training program to best meet your security objectives.
Protective Security
ITSEC Training Services bases its training plans on international and federal government standards tailored to be applicable to your organisation.
Our Protective Security training would likely cover the following key topics:-
-
Information Security. The purpose of Security Classification and the resulting marking and handling based on information sensitivity
-
Personnel Security. The need to know principle is underpinned by security cleared personnel. Clearances and vetting principles are covered in this topic along with staff responsibilities.
-
Physical Security. Area Security, Access Control and Security Alarm Systems are covered in additions to the use of containers to store information.
ICT Security
ITSEC Training Services uses DSD's ACSI 33 security standards as the baseline in conjunction with ISO 27001. Topics are likely to cover the use and protection of passwords, logging off unattended systems, data protection and incident reporting among a long list of other topics.
The threats that your users face on a daily basis will be uncovered and discussed in some detail as we explore the Phishing and Pharming scams and the problems of identity theft.
It's important these messages are re-inforced constantly through posters, emails, intranet, CBT and face to face training.
It's the strategy that will make the difference and build the security culture you must achieve to succeed.