CHAPTER 11: Delivering training and staff awareness

Section 01 Awareness
Section 02 Training

 
Section 01: Awareness

Policy 110101 Delivering Awareness Programs to Permanent Staff
POLICY STATEMENT
“Permanent staffs are to be provided with Information Security awareness tools to enhance awareness and educate them regarding the range of threats and the appropriate safeguards.”

Policy 110102 Third Party Contractor: Awareness Programs
POLICY STATEMENT
“An appropriate summary of the Information Security Policies must be formally delivered to any such contractor, prior to any supply of services.”

Policy 110103 Delivering Awareness Programs to Temporary Staff
POLICY STATEMENT
“An appropriate summary of the Information Security Policies must be formally delivered to, and accepted by, all temporary staff, prior to their starting any work for the organization.”

Policy 110104 Drafting Top Management Security Communications to Staff
POLICY STATEMENT
“The senior management of the organization will lead by example by ensuring that Information Security is given a high priority in all current and future business activities and initiatives.”

Policy 110105 Providing Regular Information Updates to Staff
POLICY STATEMENT
“The organization is committed to providing regular and relevant Information Security awareness communications to all staff by various means, such as electronic updates, briefings, newsletters, etc.”

Top



Section 02: Training

Policy 110201 Information Security Training on New Systems
POLICY STATEMENT
“The organization is committed to providing training to all users of new systems to ensure that their use is both efficient and does not compromise Information Security.”

Policy 110202 Information Security Officer: Training
POLICY STATEMENT
“Periodic training for the Information security Officer is to be prioritized to educate and train in the latest threats and Information security Techniques.”

Policy 110203 User: Information Security Training
POLICY STATEMENT
“Individual training in Information Security is mandatory, with any technical training being appropriate to the responsibilities of the user’s job function. Where staff change jobs, their Information Security needs must be re-assessed and any new training provided as a priority.”

Policy 110204 Technical Staff: Information Security Training
POLICY STATEMENT
“Training in Information Security threats and safeguards is mandatory, with the extent of technical training to reflect the job holder’s individual responsibility for configuring and maintaining Information Security Safeguards. Where IT staff change jobs, their Information security needs must be re-assessed and any new training provided as a priority.”

Policy 110205 Training New Recruits in Information Security
POLICY STATEMENT
“All new staff are to receive mandatory Information Security awareness training as part of induction.”

Top