Information Security Awareness Training. Course Outline. Provides a brief orientation to the topics covered in the module.

Transcription

1 Information Security Awareness Training Course Outline Module 1 Information security risks 1. explain what information security means. 2. define the four aspects of information security. 3. understand their role in supporting information security. Section 1.1 Welcome Section 1.2 What is information security? Introduces the concept of information security in practical terms with reference to the everyday workplace environment. Section 1.3 Why is information security important? Gives an overview of the importance of information security awareness. Section 1.4 Consequences of security breaches Provides examples of some of the negative outcomes that can result from information security breaches. Section 1.5 The essential role you play Highlights the importance of everyone in the workplace doing their part to support information security policies and procedures. Section 1.6 Summary Section 1.7 Assessment 1

2 Module 2 Physical security The first aspect of information security covered in the course is physical security. Participants successfully completing this module should be able to: 1. define what is meant by physical security. 2. give examples of physical security measures in the workplace. 3. list some good work habits that help maintain physical security. Section 2.1 Welcome Section 2.2 Physical security in the workplace Explains what is meant by physical security with examples relevant to the workplace environment. Section 2.3 Security-conscious work habits Highlights the importance of developing good work habits that help to maintain physical security. Section 2.4 Physical security outside the workplace Outlines some of the information security risks that can be encountered when working outside the workplace, for example working from home or travelling to other locations. Section 2.5 Risks of carrying electronic devices Explains some of the particular risks that are associated with carrying electronic devices such as smartphones. Section 2.6 Summary Section 2.7 Assessment 2

3 Module 3 Computer and network security The second aspect of information security covered in the course is computer and network security. 1. recognise the importance of complying with computer and network policies. 2. list some examples of the risks posed by computers and networks. 3. explain the meaning of technical terms such as virus, malware, encryption and firewall. 4. understand the importance of reporting and responding to security incidents quickly. Section 3.1 Welcome Section 3.2 Your computer and network policies Emphasises the importance of following the proper workplace policies and procedures, even if the reasons for them are not understood. Section 3.3 Understanding information technologies Gives a non-technical explanation of key terms related to computers and computer networks. Section 3.4 Reporting incidents or concerns Highlights the importance of reporting computer and network security issues and responding quickly. Section 3.5 Summary Section 3.6 Assessment 3

4 Module 4 Communications security The third aspect of information security covered in the course is communications security. 1. recognize what is meant by communications security. 2. explain some of the particular risks associated with put into practice some tips to avoid communications security breaches. Section 4.1 Welcome Section 4.2 Communications security Introduces the concept of communications security with examples of what it covers. Section 4.3 The risks of Highlights the risks that can be posed by use, such as malicious attachments, misleading links, and phishing attacks. Section 4.4 Communicating outside the workplace Looks at some information security risks to be aware of when communicating outside the workplace (for example, working from home or in public places). Section 4.5 Summary Section 4.6 Assessment 4

5 Module 5 Personnel security The fourth aspect of information security covered in the course is personnel security. 1. explain what is meant by personnel security. 2. list the main areas of risk associated with personnel security. 3. understand what social engineering is, and recognise the threat is can pose. 4. be aware of the risk that deliberate acts by personnel can cause security breaches. Section 5.1 Welcome Section 5.2 What is personnel security Introduces the concept of personnel security and outlines four main areas of risk associated with it. Section 5.3 Social engineering Explains the concept of social engineering and how it can be used to breach information security. Section 5.4 Security procedures Makes the point that a significant proportion of security breaches are caused by personnel failing to follow correct procedures. Section 5.5 Deliberate acts Highlights the fact that there is a risk posed by personnel deliberately acting in ways that breach security, and that everyone should be alert to this risk. Section 5.6 Summary Section 5.7 Assessment 5