Information Security Awareness
“Scientia potentia est” translates to “knowledge is power” and is commonly attributed to Sir Francis Bacon.
Information is powerful and therefore needs to be protected by every organisation.
In our previous blog we discussed ISO 27001 Information Security and how to assess whether information is protected; in this blog we look at creating awareness of information security objectives, risks and protocols.
All of the ISO management system standards require awareness of risks and controls, each according to that standard's particular focus. ISO 27001 requires that you create awareness of information security objectives and obligations, which should be defined in your information security policies and procedures.
Awareness simply means ‘the concern about and well-informed interest in a particular situation or development’.
In the context of information security, this means being aware of what is at risk (company information in its various forms), how it can be protected, the controls that are available to the worker and the worker's role in enacting those controls (the worker's responsibility), and the goal (to protect company information).
Awareness can be achieved in various ways, the first of which is the company induction. Although an induction is generally only an overview, it can be the first port of call for making new workers aware of the importance and objective of information security, what is at risk, and the current protocols and controls.
Note that awareness is about informing workers of their roles and responsibilities, and of how they will be managed against those expectations.
Further awareness can be created through:
- Documented policies and procedures
- Group and individually focused, competency-based training
- Building information security into your existing risk and compliance meetings
- Awareness campaigns
Remember that creating awareness is not a once-off exercise; it is an ongoing effort, because objectives, risks and controls evolve with the ever-changing business landscape.
Contact the SRM team should you require assistance with the development of your ISMS (Information Security Management System).
SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Let us know if we can help you with the development and implementation of your Quality Management System. Contact our consultants today.
Use SHEQ software for your Process Approach
An essential part of any process approach is your management system, and software is a practical way to deliver on its requirements. SRM and many of our clients use Mango Compliance Software (www.mangolive.com). Mango makes it easier to achieve ISO 9001:2015 certification.