ABSTRACT

Most organizations, assuming even the most basic approach to information security, will have elements of awareness and training in their induction programme for new staff. This may be a quick add-on to their information technology (IT) induction or something which is part of the general procedures, including physical security routines. Getting a group of employees together for a face-to-face, interactive training session is one of the most effective ways of developing IT professionals' security. Many people are making use of email as a cost-effective mechanism for delivering information security messages. With the requirement to raise awareness and train large numbers of staff, a number of interactive online training packages focused on information security are emerging. For larger organizations, the use of local information security champions can also be very effective. It is important to recognize that in many IT systems, with inherently poor security architectures, too many people have full administration rights.