Information Security is Systemic
Too often we view information security as a technology issue related to policy and procedures. However, we know that people present the greatest risk. Information security is organic… a process that relies heavily on a team approach involving the managers and users of your information system. By focusing on the awareness of your team members, your system security increases.
The Weakest Link
Even with the highest quality firewalls, the best policies and procedures, and the most detailed documentation, a user can still put sensitive information in an e-mail or use “payroll” as the password for the payroll module. By presenting your policy in a manner that increases security awareness and motivates an atmosphere of cooperation towards your Acceptable Use Policy, you will reduce risk. Half the battle is helping your users recognize the important role they play in the security process.
Security Awareness Training
User Level Security Awareness Training:
We can prepare a presentation centered around your Acceptable Use Policy. We make learning the threats and vulnerabilities to information fun! Our most popular service can be as simple as an hour talk to your assembled team and can get as complex as our conducting what we call a Security Awareness Posture Assessment and following that up with a review of your Acceptable Use Policy and then the creation of both annual and ongoing awareness training strategies.
Additional Training Presentations
infotex offers other training presentations for the various levels in your organization. The presentations are customized to your exact needs.
Board-level GLBA Training:
We help the Board of Directors understand their responsibilities for IT Governance and Information Security.
General Management Awareness Training:
We provide general training to management team members summarizing what they need to know in order to help you comply with information security regulations.
Targeted Management-level Training:
infotex customizes training to the client’s specific needs. Examples: Vendor Due Diligence, Technology Risk Management, Disaster Recovery Testing, Incident Response and/or CIRT Training, Data Classification, and various policy development classes.
Technical-level Training:
This is customized to the client’s specific needs. We teach our technical clients various security functions including password file analysis, in-house vulnerability assessments, laptop encryption, etc. Training is geared to your team’s technical experience!
Technology Compliance Program Development:
We also help clients develop overall training programs at all levels of the organization. These programs not only include annual compliance training at the board, steering committee, management team, and user levels, but they also include programs for ongoing awareness training and awareness activation, including monthly reminders, activation games and exercises, and comprehension testing.