Training and Awareness

This part of the IMS deals with training and awareness. Say where staff competence is dealt with. Normally, this would be part of a staff appraisal process. Reference it. If it doesn't exist, add something about competencies at the end of this page. Don't forget to say where the records are kept. Beware, though: staff appraisal information is likely to count as personal data and may require special handling, and you might not wish to hold it on your intranet. In general, you need to know what competencies are required, perform a training needs analysis to determine what training is required, perform that training and then verify that the training has achieved your objectives (if not, you go round again).<<>>

Information Security Awareness

Information security awareness training is regularly given to Say who it is given to. Normally it will be everyone in scope of the IMS, but sometimes you may extend it to other people in your organisation (especially if the scope of the IMS only covers part of it, e.g. just the IT department).<<>>

Topics include:

  • Put any topics here that you feel are more significant than the standard topics cited below
  • <<>>
  • Information security principles
  • attacks (viruses, denial of service, other network attacks, application level attacks, password attacks (including phishing and pharming), eavesdropping, hacking, fire and flood, etc.)
  • defences (creating awareness of specific controls, the importance of routine checking, etc.)
  • instructions on the use of specific controls of relevance at the time (e.g. new controls or ones that people seem to be having difficulty with)
  • incident management
  • everybody's general responsibilities to be vigilant and report/record matters that may arrest/prevent an information security incident and/or impact on the IMS
  • importance of meeting objectives, complying with policies and continual improvement
  • Put any topics here that you feel are less significant than the standard topics cited above
  • <<>>

Awareness seminars are also used as a vehicle to communicate news and decisions about information security.

Add anything else concerning information security awareness here

<<>>

 

IMS-Smart produced by Gamma Secure Systems Limited. Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001:2000 registered company, certified for the provision of information security consultancy. BSI certificate numbers IS 85916 and FS 30710. Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK. Tel: +44 1276 702500 - Fax: +44 1276 692903. Use of IMS-Smart is governed by a EULA. Template reference 017-080101, copyright © Gamma Secure Systems Limited, 2007-8
 
Page last updated: 17 March, 2008