Solved

User Awareness Training

Posted on 2009-06-30
5
301 Views
Last Modified: 2012-05-07
Hi all, we have just revised our security awareness training programme. In our organisation (small setup) as part of a new starters we give them basic IT security awareness training, i.e. password good practice, awareness for social engineering, shoulder surfing etc.

We have got a 3rd party external audit coming in soon and I wonder what sort of things they will pick us up on. Have you had similar audits, i..e them auditing you that you are training your staff properly. What sort of things did they ask, recommend, highlight in there testing and findings?

In terms of documentation our training programme is documented, we record users attendance etc, we dont allow exceptions i.e. a corporate director still has to have it etc. Anything we are likely to have to do in addition to satisfy the external auditors?
0
Comment
Question by:pma111
  • 3
  • 2
5 Comments
 
LVL 18

Expert Comment

by:kjanicke
ID: 24750990
Documentation, awareness, and auditing were key elements in our inspection which was held just a few weeks ago.

If you have a policy of not allowing wireless devices or cell phones in the building, do you actively seek those devices?  If company policy doesn't allow you to surf ebay at work, can you tell who is surfing ebay?  

What types of things do you audit, and do people actually look at the audits?

Proper markings (to the letter) of any regulation you have.  Are portable hard drives encrypted or allowed?

Do you have documented procedures for minor incidents and major disasters?  If you found somebody stealing computer hardware, do the other employees know what to do and who to contact?  Do your employees know where that documentation is?
0
 
LVL 3

Author Comment

by:pma111
ID: 24752181
Thanks kjanicke, what documentation did they ask you specific to training, was it training records or lots more? Regards
0
 
LVL 18

Accepted Solution

by:
kjanicke earned 250 total points
ID: 24752899
They did ask for signed copies of our authorized user policy.  It was some of the basic rules such as sharing passwords, surfing unprofessional web sites, usingt he computer for personal entertainment or profit, etc.

But they also asked how we were preventing or audting the policy.

Having a central location for all documentation helped, but quite a few folks didn't know where it was, and there was almost too much stuff there.  Some documentation wa sn't updated in years.
0
 
LVL 3

Author Comment

by:pma111
ID: 24752904
Thanks ever so much, some good advice. Cheers
0
 
LVL 18

Expert Comment

by:kjanicke
ID: 24757899
Thanks
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Rate limit for DNS queries 7 75
SHA2 certs for IIS AND Java? 2 91
PCI Compliance - mixing SAQs 6 31
Using Linux to replace Windows Server 2008 R2 for network drives 5 78
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question