Getting the Balance Right

URM's Information Security Awareness Training

Why Security Awareness Training Is Important

In the experience of URM’s consultants, the implementation of any security policy and process can only be successful if explicit, clear guidance and advice is provided at the time of implementation. To ensure that staff are fully aware of their responsibilities for information security, it is essential that awareness training is provided not just as a ‘one-off’ but on an ongoing basis. Regular training of staff will create a ‘security-aware’ culture within the organisation, thus reducing many of the risks that cannot be addressed through the implementation of technical controls alone.

Different Methods Involved in Security Awareness Training

There is definitely no one-size-fits-all solution that meets all training needs. URM has been involved in delivering security awareness training using a variety of methods. Some of the main factors which determine the training method include: size of organisation, locations involved, culture of the organisation and budget. For smaller organisations, presentations which address the key aspects can be delivered at company or departmental meetings. Videos and Computer Based Training (CBT) packages may be suitable for larger organisations that have many staff to include. URM has found that, if available, the company intranet is a great way of publishing policies and processes, particularly given its reach to the entire organisation.

Whatever approach is chosen, it is important to measure the effectiveness of the training being delivered.

Key Success Criteria for Conducting Security Awareness Training

URM’s consultants provide some key tips:

  • Regularly review policies and processes in line with business changes
  • Ensure your staff know what is expected of them
  • Keep messages clear and concise
  • Provide regular refresher training sessions
  • Measure the effectiveness of the training and update as necessary
  • Encourage staff to contribute 'information security concerns' and 'suggestions for improvement'; this way staff will start to take ownership of information security themselves

Copyright © Ultima Risk Management, 2008. All Rights Reserved.
