Staff Education and Training Tools

 

Creating a Secure Environment

Policies, procedures and other supporting documentation provide a framework for an organisation to manage and use its information systems securely.  But this framework alone is not enough to ensure that a security incident will not occur.  To be successful, Information Systems Security Policies must be based on plain old common sense and all staff, contractors and third parties must understand their obligations.  Communicating the expectations of management to all users of information systems is the only thing that will create a secure environment.

 

How to Get the Message Across

It is important to remember that the policies protect staff just as much as they do the organisation. 

Once the policies and procedures have been developed, they need to be accessible to the people who are required to abide by them.  Publishing these documents on the corporate intranet is a good start provided that all staff have the ability to access the intranet. 


 

Even publishing the policies is no guarantee that users of information systems will read them.  Even if they read them, how can the organisation be sure that people understand them?  The organisation is responsible for ensuring that staff, contractors, consultants, remote users and any other third party connecting to corporate networks are aware of their obligations.

The only way to be sure that users of corporate computer systems know and understand the contents of the policies and procedures is to tell them.  The detail has to be explained.   Computer users must also understand the reasons why certain rules have to be followed and what will happen if they are not adhered to. 

Non-compliance can cause a security incident which may have long-term implications for business operations.  Worse still, these actions may also affect other businesses, who may seek reparation for loss of income and may also lay criminal charges.  Deliberately acting irresponsibly or being wilfully negligent is serious misconduct and may result in termination of employment or contract.  Computer users must understand this and must sign an Employee Acceptance Form which forms part of their contract.

 

Onsite Training

Unfortunately, in many organisations, information systems security is just seen as something the IT Department do and therefore any training must be co-ordinated by them.  With other more pressing priorities, staff training and education is relegated to the bottom of the list and in reality, never happens. 

Kaon SecurITy Ltd provides training seminars for staff at all levels - from the general user through to technical training for a specific issue.  Our staff work in the area of Information Systems Security day in and day out and have a wide range of experience and knowledge that they can share with your staff.

The format of seminars can be tailored to suit individual organisational requirements.  It can be geared to a specific number of users with a particular level of competency, so that the more technical content is saved for technical staff.  We can provide handouts or run the session as an interactive workshop.  Content can also be general or specific and often provides an opportunity to emphasise issues that are currently causing problems onsite.

 

Training with CDs

Another option for training is to purchase a Kaon SecurITy Ltd training CD.  The presentations vary in duration and can be viewed by individuals from a desktop or by groups of staff by connecting a PC or laptop up to a projector and speakers.

The CDs have been developed to cater for different levels of user and cover a variety of topics.  They include text, action graphics and narration.  Each topic is fully explained using easy to understand language.

The benefit of purchasing a CD is that it is always available onsite.  You can order one or multiple copies and they are a great addition to the corporate training library.

CD Titles

Information Systems Security Policies Explained to General Users - 40 minutes

Includes:-

Definition of IT Security, Why Policies are needed, User Responsibilities, E-Commerce, Email, Computer Systems and Equipment Use, Controlling Access to Systems, Anti Virus, Business Continuity, Cyber Crime, Electronic Information, Passwords, Physical Access, Social Engineering and Moving Equipment

 


 

Screen Saver

Our unique information security awareness screensaver has been produced using our cartoon graphics incorporating Flash and other multimedia technology, guaranteed to attract the eye of your staff.  The key messages depicted in the screensaver are based on the cartoon posters.

The screensaver is suitable for computers with Windows XP or Windows 2000 software that includes DirectX version 7 (or higher).  A sound card and speakers are not required; however, your multimedia experience will be enhanced if they are enabled.

 

Brochures and Posters

Brochures can be handed out after an IT security briefing or as part of induction training.  Leave a few on the cafeteria tables and put posters up in lifts and stairwells.  Visual stimulation is a good way of drawing attention to the need to protect important corporate information.

 

Limitations of Use

The CDs listed above and any other training material provided by Kaon SecurITy Ltd have been developed by Kaon Technologies Ltd under copyright.  Consent is given to Kaon SecurITy Ltd customers to reproduce the material purchased for internal use only.  This material will not be used in whole or in part, for any purpose other than the purpose for which it is provided.  Under no circumstances shall Kaon SecurITy Ltd be liable to anyone for direct, special, incidental, collateral or consequential damages arising out of the use of this material.

 

Staff Induction Training

In many instances where staff have been dismissed for abusing privileges associated with information systems and have taken a personal grievance case to the Employment Court for wrongful dismissal, the organisation more often than not will lose the case and have to reinstate the employee.  The defence used most successfully is "I didn't know".  This is because even if policies and procedures have been developed by the organisation, they have not been communicated to staff.  Staff have not had to sign an Employee Acceptance Form and there is no ongoing education programme to maintain staff awareness.

Kaon SecurITy Ltd strongly recommends that the training CD for general users which explains basic information systems policies and procedures is included as part of the induction program for new staff.  This means that new staff are introduced to the security requirements of the organisation before they even turn on a computer for the first time.  They will understand why certain actions are a bad idea and the implications of non-compliance.  Have them sign the Employee Acceptance Form after they have watched the presentation.  This simple process will go a long way to defeating the "I didn't know" defence used so successfully in the Employment Court. 

 

Summary

Training and education are necessary to ensure that staff know, understand and comply with information systems security policies and procedures.  A one-off approach to staff education is not enough to maintain staff awareness, and a tiered approach to reinforce the message is the most successful.

  • The policies must be uncomplicated and well formatted to encourage use

  • Publish policies and procedures on a corporate intranet so they are available to everyone

  • Include security training in the induction program for new staff

  • Include Information Systems Security training CDs in your corporate training library

  • Arrange for Kaon SecurITy Ltd to run annual refresher courses for staff at all levels and don't forget the managers.

 

How to Get Staff Education and Training Tools

 

Contact us at Kaon SecurITy Ltd to request more information about Staff Security Seminars and order the Training CDs. 

 

Ordering Training CDs

A purchase order number is required with all purchases.  Please specify the name of the CD(s) required, the shipping address, contact person and telephone number and allow 2 weeks for delivery.

Staff Education Onsite Seminars

Initial discussions include:-

  • Information about your site - numbers of users, type of industry, what has been done to date

  • Any site specific requirements you may have

  • Fees and disbursements

  • The format of the seminars, facilities, specific groupings of staff etc

  • Deliverables, timeframes, payment etc which will be formalised in a short written agreement.

A purchase order is all that is required to initiate the process.

 

Staff education seminars and the general user training CD are also provided as part of our SecurITy service. 


 

                                                     

© 2004 Kaon Security Ltd 20 Nov 2004