
URM's Information Security Awareness Training

Why Is Security Awareness Training Important?

In the experience of URM’s consultants, the implementation of any security policy and process can only be successful if explicit, clear guidance and advice is provided at the time of implementation. To ensure that staff are fully aware of their responsibilities for information security, it is essential that awareness training is provided not just as a ‘one-off’ but on an ongoing basis. Regular training of staff will create a ‘security-aware’ culture within the organisation, thus reducing many of the risks that cannot be addressed through the implementation of technical controls alone.

Different Methods Involved in Security Awareness Training

There is definitely no one-size-fits-all solution that meets all training needs. URM has been involved in delivering security awareness training using a variety of methods. Some of the main factors which determine the training method include: size of organisation, locations involved, culture of the organisation and budget. For smaller organisations, presentations which address the key aspects can be delivered at company or departmental meetings. Videos and Computer Based Training (CBT) packages may be suitable for larger organisations that have many staff to include. URM has found that, if available, the company intranet is a great way of publishing policies and processes, particularly with its reach to the entire organisation.

Whatever approach is chosen, it is important to measure the effectiveness of the training being delivered.

Key Success Criteria for Conducting Security Awareness Training

URM’s consultants provide some key tips:

  • Regularly review policies and processes in line with business changes
  • Ensure your staff know what is expected of them
  • Keep messages clear and concise
  • Provide regular refresher training sessions
  • Measure the effectiveness of the training and update as necessary
  • Encourage staff to contribute 'information security concerns' and 'suggestions for improvement'; this way staff will start to take ownership of information security themselves

Copyright © Ultima Risk Management, 2010. All Rights Reserved
