Information Security Awareness / Cyber Security Awareness
What is Cyber / Information Security Awareness?
Information security awareness training is a formal process for educating employees about computer and laptop security.
A good security awareness program must educate employees about corporate policies and procedures for working with information technology (IT). Employees should be told who to contact if they discover a security threat, and be taught that data is a valuable company asset. Regular training is especially necessary in companies with high turnover and those that rely heavily on contract or temporary staff. Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.
The National Institute of Standards and Technology (NIST) has an excellent publication with templates and guidance on what should go into a security awareness training program. The 70-page report is available for free in PDF format from the institute’s web site.
Training Your Employees on Information Security Awareness
The ultimate goal of the information security process is to protect three unique attributes of information. They are:
- Confidentiality: Information should only be seen by those persons authorized to see it. Information may be confidential because it is proprietary information that is created and owned by the company, or because it is customers’ personal information that must be kept private due to legal obligations.
- Integrity: Information must not be corrupted, degraded, or changed. Measures need to be taken to insulate information from accidental and deliberate change.
- Availability: Information must be kept available to authorized persons when they need it.
Information Security Awareness Program
A good Information Security Awareness Program highlights the importance of data security and introduces the cyber security training and procedures in a simple yet effective way, so that employees understand the rules and are aware of the procedures.
Listed below are some of the methods used to communicate the importance of Information Security Policies and procedures to employees.
1. System Access
No sharing of user IDs and passwords is allowed, and staff are made aware of their responsibility for safeguarding their user account and password. Staff are also given some useful password tips on how to choose a good password.
2. Information Classification, Handling and Disposal
All information must be classified according to how sensitive it is and who the target audience is. Information must be labeled “Secret”, “Confidential”, “Internal Use Only” or “Public”. Documents that are labeled “Secret” or “Confidential” should be locked away at the end of the workday. Electronic information (Secret or Confidential) should be encrypted or password protected. When the information is no longer required, paper documents should be shredded, while electronic files must be electronically shredded.
3. Virus Protection
All computer systems must have antivirus software installed, and it is the responsibility of all staff to scan their computers regularly. All software and incoming files must be scanned, and staff are advised to scan new data files and software before they are opened or executed. Staff are educated on the importance of scanning and how a virus can crash a hard drive and bring down the office network.
4. Backup
Staff are advised that they are responsible for their own personal computer backup and that they should back up at least once a week.
5. Software Licenses
Software piracy is against the law and staff are advised not to install any software without a proper license.
6. Internet Use
Staff are advised that Internet use is monitored. Staff should not visit inappropriate websites such as hacker sites, pornographic sites and gambling sites. No software or hacker tools should be downloaded as well.
Dos and Don’ts
A Dos and Don’ts checklist is given to all new staff upon joining the company. As it may be some time before they attend the actual security training, the checklist is a good and easy way for them to learn what they should and should not do. The information in the checklist is listed below.
- Do not share your password with anyone including staff
- Do not write your password on any paper, whiteboard or Post-it pad
- Do not use easy to remember words as passwords e.g. Aug2001
- Do not use personal information or any word in any language spelled forwards or backwards in any dictionary
- Do not visit inappropriate web sites e.g. pornographic or hacker web sites
- Do not download unlawful or unlicensed software from the Internet
- Do not install unlicensed software onto your computer
- Do change your password regularly for every system
- Do use a combination of letters, symbols and numbers for passwords
- Do use difficult passwords which are at least 6 characters long
- Do enable your Screen Saver Password or lock your workstation
- Do scan your computer regularly for viruses and any diskettes as well before you use them on your computer
- Do check that your virus software patches have been updated when you receive the regular update emails from Desktop Support
- Do back up your data at least once a week. It is your responsibility to do so.
- Do lock away all confidential documents, files and diskettes at the end of each work day
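The password items in the checklist above can be enforced at the point where a password is set. The sketch below is an added example, not part of the original checklist or any company tooling; the function name, rule labels and the small word list are assumptions made for illustration, and the thresholds are the checklist's own.

```python
import re

# Rule labels taken from the checklist above; the names are this example's own.
TOO_SHORT = "shorter than 6 characters"
NO_MIX = "not a combination of letters, symbols and numbers"
DICT_WORD = "dictionary word spelled forwards or backwards"
PERSONAL = "contains personal information"
DATE_LIKE = "easy-to-remember month/year pattern such as Aug2001"

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "secret", "welcome", "dragon", "monkey", "summer"}
MONTH_YEAR = re.compile(
    r"(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*[^a-z0-9]*\d{2,4}"
)


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the checklist rules a candidate password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append(TOO_SHORT)
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append(NO_MIX)
    # Drop digits and symbols so padding such as "drowssap1!" cannot hide a word.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in words or core[::-1] in words:
        problems.append(DICT_WORD)
    # Personal details (name, user ID, ...) are supplied by the caller.
    for item in personal_info:
        item = item.lower()
        if len(item) >= 3 and (item in lowered or item[::-1] in lowered):
            problems.append(PERSONAL)
            break
    if MONTH_YEAR.fullmatch(lowered):
        problems.append(DATE_LIKE)
    return problems


if __name__ == "__main__":
    for candidate in ("Aug2001", "drowssap1!", "k7#Vq!2x"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The check only sees the candidate password and the personal details passed in, so the rules about sharing, writing down and regularly changing passwords still depend on staff behaviour.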