The quote in the title of this article is from Jeffrey Rosen, the American Information Security expert, reminds us of the dangers of complacency.
It’s so easy to assume our information is safe, isn’t it? Yet, as we point out in our Information Security Awareness training course, at least 80% of organisations experienced a breach in their security, costing hundreds of thousands of pounds per year.
The news regularly features incidents where information is compromised because of complacency doesn’t it? Stories of laptops left on trains, spreadsheets dumped into skips without being shredded, hackers getting into poorly defended databases… the list goes on.
Our Information Security course addresses the issues which underpin effective security and risk management. It’s ideal for training a workforce in best practice because it not only improves awareness of security measures to protect information, it identifies potential risks and ways to respond and report breaches in security, exactly what you need from elearning software.
It’s a course we all need. After all, computers, laptops and mobile devices are part of everyday life. But information can be breached by inappropriate phone conversations and careless handling of sensitive documentation as well. It’s only when you work through the course that you realise how easily information security can be compromised.
Government Recommendations & Legislation
The government emphasises the importance of information security training. Their website recommends training should be provided in every organisation, particularly for the following roles:
• The Senior Information Risk Owner (SIRO) – the person with ultimate responsibility for information security
• The Accreditor – a “hands on” role responsible for identifying risks and suggesting mitigating measures and carrying out risk assessments
• The Information Asset Owner – who is responsible within any given project for the management of information (who accesses it, stores it, edits it etc.)
• The Communications Electronics Security Group – they provide the technical support and run annual IT Health Checks which form part of the assurance process.
These roles have a direct link to the legislation surrounding information security, such as:
• The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018. The GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection.
• The Data Protection Act 1988 where everyone is responsible for using data and must follow strict rules called ‘data protection principles’. Even though that Act is no longer in force and was replaced by The GDPR and DPA 2018, it contains practical examples and advice which may still be helpful in applying the new legislation.
• The Freedom of Information Act 2000 which makes provision for the disclosure of information held by public authorities or by persons providing services for them
• ISO Standards (such as 27001) is for all organisations (large or small) and covers all sectors, including charities and the voluntary sector. The standard applies to organisations who wish to assess and prevent information security risks
• Payment Card Industry Data Security Standard and applies to merchants of all sizes, financial institutions, point-of-sale vendors, and hardware and software developers who create and operate the global infrastructure for processing payments.
Ultimately, an organisation’s information security must be effectively integrated and aligned with the corporate strategy, objectives, business structure and style. Our Nimble courses are fully editable, so you can add your own branding, colours, documentation and policies. Have a look at a demo of our Information Security course now.