Q: Do all employees (permanent staff and staff contracted from other organisations) all receive information security awareness training?
A: Not all staff receive this training but the key Technical staff do
I ran across this Q&A this week and it led to a thought: we are struggling to set a place for InfoSec Awareness in the arsenal. Even if there is agreement to support such training, there is still the discussion of whom to focus it on.
I try to think of Information Security as an eternal endeavour. Humans have been keeping secrets for competitive advantage for a very long time. The change in technology is a constant. If there is a group of people working towards a goal, all should understand the value of the operating information.
If the question above had been asked at a large company in the 1920s, would it have been okay to say that the technicians were aware of the value of the information and the rest of the staff were not? Organisations receive, generate, process, store and dispose of information in numerous formats.
InfoSec efforts should be applied at all points where valuable information and a risk of exposure intersect. The profile and potency of each effort will depend on choices made by the organisation.
One of the weakest points will be staff members who do not appreciate what information means to the business. Training those people will go a long way in increasing the defence of the company’s prime asset, information.
Great Post!
The correct answer to this question should be something like:
"We actively promote a positive information security culture by identifying the security responsibilities of all organisational roles and deliver training accordingly"
Posted by: Geordie Stewart | 2012.09.10 at 11:19
Geordie,
That is great! At what level should this be managed?
Posted by: Sean | 2012.09.15 at 11:10