Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: If the requirements and risks of information security are not known to the employees, there is a risk of misconduct resulting in damage to the organization. Therefore, it is important that information security is internalized and practiced as a natural part of their work.
Requirements (must): Employees are trained and made aware.
Requirements (should): A concept for awareness and training of employees is prepared. As a minimum, the following aspects are considered:
- Information security policy,
- Reports of information security events,
- Reaction to occurrence of malware,
- Policies regarding user accounts and login information (e.g. password policy),
- Compliance issues of information security,
- Requirements and procedures regarding the use of non-disclosure agreements when sharing information requiring protection,
- Use of external IT services.
Target groups for training and awareness measures (i.e., people working in specific risk environments such as administrators, employees having access to customer networks, personnel in areas of manufacturing) are identified and considered in a training concept.
The concept has been approved by the responsible management.
Training and awareness measures are carried out both at regular intervals and in response to events.
Participation in training and awareness measures is documented.
Contact persons for information security are known to employees.
Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: If the requirements and risks of information security are not known to the employees, there is a risk of misconduct resulting in damage to the organization. Therefore, it is important that information security is internalized and practiced as a natural part of their work.
Requirements (must): Employees are trained and made aware.
Requirements (should): A concept for awareness and training of employees is prepared. As a minimum, the following aspects are considered:
- Information security policy,
- Reports of information security events,
- Reaction to occurrence of malware,
- Policies regarding user accounts and login information (e.g. password policy),
- Compliance issues of information security,
- Requirements and procedures regarding the use of non-disclosure agreements when sharing information requiring protection,
- Use of external IT services.
Target groups for training and awareness measures (i.e., people working in specific risk environments such as administrators, employees having access to customer networks, personnel in areas of manufacturing) are identified and considered in a training concept.
The concept has been approved by the responsible management.
Training and awareness measures are carried out both at regular intervals and in response to events.
Participation in training and awareness measures is documented.
Contact persons for information security are known to employees.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
