
| Subject: | Re: Security Training for Company's Employee |
|---|---|
| Date: | Thu, 22 Sep 2005 01:15:14 -0700 |

First off, congratulations on your new job!

> But I never had to make something like this before. Have some of you any experience about the topic?

Yes, I do. Quite a lot, actually.

> Any help/ideas/suggestions on information security training is welcome.

Now, here's the deal: _you_ are the professional. _You_ should be the one to determine the answer to your questions. _You_ are the insider who knows how your organisation operates and what your information security needs are. Without this knowledge, any one of us could list a number of "hot issues" -- some or all of which could turn out to be already well known by the employees of your company or irrelevant to your operations model.

The key question is: *What* do you want to train the staff in? What do they need to know? You have already recognised that the different personnel groups are likely to have different needs - that is an astute (and often true) observation.

However, training is generally not where you start an information security project. Training greatly depends on other parts of the infosec project. Let's have a look at some examples:

- Classification and handling of business information? You would need a classification system first. Does your company have guidelines for information classification already? If they do, do these guidelines need to be updated?
- Information Security Policy - does your company have one already?
- Visitor policy - does your company have one already?
- Major infosec risks and how to avoid them? First you will need an inventory of critical assets and a risk analysis.

Training *is* a crucial part of information security development. After all, technology can take you only so far; in the end, it is always people who either make it (information security) work or not. Which is why training should not be taken lightly -- you will need a clear idea of what your employees need to know, and, to get to that point, you will need to develop the other areas first.

I would recommend using a standard such as BS7799 as a reference, see how it can be applied to your business model & working environment.

Good luck!