TiHL: Recommendation on minimum information security requirements
2.6: Guidelines and training

How to fill the requirement


Staff guidance and training procedure in cyber security
Theme: Personnel security
Policy: Cyber security training

This task also fulfils these other security requirements:

  • T11: Security training and awareness (Katakri)
  • 4 §: Organizing information management in an information management unit (TiHL)
  • 29. Processing under the authority of the controller or processor (GDPR)
  • 32. Security of processing (GDPR)
  • 7.2.1: Management responsibilities (ISO27 Full)
1. Task description

Our organization has defined procedures for maintaining staff's cyber security awareness. These may include, for example, the following:

  • staff receive instructions describing the general guidelines of digital security related to their job role
  • staff receive training to maintain the appropriate digital and cyber security skills and knowledge required for the job role
  • staff demonstrate through tests that they have the security skills and knowledge required for the job role

Training should focus on the security aspects most relevant to each job role, and it should cover often enough the basics that concern all employees:

  • employee's personal security responsibilities (e.g. for devices and processed data)
  • policies relevant for everyone (e.g. security incident reporting)
  • guidelines relevant for everyone (e.g. clean desk)
  • organization's security roles (who to contact with problems)
Ensuring up-to-date guidance
Theme: Information management
Policy: Organizing information management

This task also fulfils these other security requirements:

  • 4 §: Organizing information management in an information management unit (TiHL)
  • 2.1: Defining information security responsibilities (TiHL: Information security)
  • 2.6: Guidelines and training (TiHL: Information security)
1. Task description

Management must ensure that the organization has up-to-date guidance on information management and cyber security topics.

General security guidelines for staff
Theme: Personnel security
Policy: Security guidelines

This task also fulfils these other security requirements:

  • T11: Security training and awareness (Katakri)
  • 4 §: Organizing information management in an information management unit (TiHL)
  • 29. Processing under the authority of the controller or processor (GDPR)
  • 9.4.4: Use of privileged utility programs (ISO27 Full)
  • 11.2.7: Secure disposal or re-use of equipment (ISO27 Full)
1. Task description

Personnel must have security guidelines that cover topics such as the following:

  • Using and updating mobile devices
  • Storing and backing up data
  • Privacy
  • Using email
  • Handling of printouts, papers and files
  • Reporting incidents
  • Scam prevention
Providing the necessary training
Theme: Information management
Policy: Organizing information management

This task also fulfils these other security requirements:

  • 4 §: Organizing information management in an information management unit (TiHL)
  • 9: Digital security training for personnel (Sec overview)
  • 2.6: Guidelines and training (TiHL: Information security)
1. Task description

Management must ensure that the organization offers training that guarantees personnel have sufficient competence in the statutes, regulations and guidelines concerning information management, data processing, and the publicity and confidentiality of documents.

In the Digiturvamalli, training on guidelines and monitoring of their adoption are handled automatically when personnel are connected to the system, e.g. through the Teams app or the browser extension.

Unit- or role-specific security guidelines
Theme: Personnel security
Policy: Security guidelines

This task also fulfils these other security requirements:

  • 4 §: Organizing information management in an information management unit (TiHL)
  • 7.2.2: Information security awareness, education and training (ISO27 Full)
  • 6.1: Training and experience required of information system users (Self-monitoring)
  • 6.2: User instructions necessary for the appropriate use of information systems (Self-monitoring)
  • PR.AT-1: Awareness (NIST)
1. Task description

Security guidelines are specified in connection with the employee's job role. The organization has identified the units and roles that require separate guidance and develops its own detailed security guidelines for them.

Examples of units that may require their own guidelines are customer service, IT and HR. Examples of work roles that require their own instructions are system administrators and remote workers.

Guidelines for information management work
Theme: Information management
Policy: Organizing information management

This task also fulfils these other security requirements:

  • 2.6: Guidelines and training (TiHL: Information security)
1. Task description

The organization must have up-to-date information security guidelines, and training must be available to ensure adequate awareness of them. The guidelines must take into account:

  • Handling of information materials in operational processes
  • Secure use of data systems
  • Determining data processing rights for information systems and the data stores and materials they contain
  • The grounds for granting access rights and who is responsible for granting them
  • How and whose responsibility it is to respond to requests for information
  • Guidelines for preparing for unusual situations

When preparing the guidelines, pay attention to their quality and comprehensibility.

Providing appropriate tools for personnel
Theme: Information management
Policy: Organizing information management

This task also fulfils these other security requirements:

  • 4 §: Organizing information management in an information management unit (TiHL)
  • 2.6: Guidelines and training (TiHL: Information security)
1. Task description

Management must ensure that the organization provides appropriate tools for fulfilling its information management obligations. Tools here means the end devices and software used by those working in the information management unit.

The Digiturvamalli includes its own tasks for the components of this area (e.g. information security requirements and testing of information systems, interoperability of information systems and data repositories, technical interfaces); by assigning responsibility for their implementation and monitoring it, management can take care of this theme.

Arranging training and guidance during orientation (or before granting access rights)
Theme: Personnel security
Policy: Cyber security training

This task also fulfils these other security requirements:

  • 4 §: Organizing information management in an information management unit (TiHL)
  • 7.3: Termination and change of employment (ISO27 Full)
  • 7.3.1: Termination or change of employment responsibilities (ISO27 Full)
  • 9.2.2: User access provisioning (ISO27 Full)
  • PR.IP-11: Cybersecurity in human resources (NIST)
1. Task description

Before being granted access rights to data systems containing confidential information, employees must have:

  • received appropriate guidance on their security responsibilities (including reporting responsibilities and responsibility for their own devices)
  • received appropriate guidance on the security roles related to their own job role (including the digital security rules that apply to their role and the information systems they use and their acceptable use)
  • been told which cyber security contacts can be asked for more information