Mature information security practices necessitate information security awareness, security led behaviours and an overall security culture. It is no surprise that most security incidents and personal data breaches arise from mistakes made by employees.
There’s a place for e-learning, but online training alone will not create the right cultural practices. Likewise, online training is usually generic and doesn’t typically address the specific information security policies implemented by the organisation. We can provide onsite and live-online training as well as ongoing awareness programmes for you which are tailored to your business, the nature of the information assets you work with, your risk tolerance and the roles of the individuals to be trained.
We tailor our training to your specific needs. We’ll agree the scope, the topics to be covered, the length of the training sessions and the objectives you wish to achieve. If you want us to carry out a short test at the end of the training, we can do that. Likewise, we can create overview documents for delegates to refer back to if desirable. Common types of training we provide include:
Board and Executive briefings for your leadership team, helping them understand information security, the importance of risk led security management and updating them on the latest cyber breach news. Each session also includes a Q&A.
Onsite or live online information and cyber security awareness training for all employees. Rather than just focus on technical threats, we spend time helping attendees to understand the need for good information security and security behaviours including the expectations of stakeholders and customers and also common mistakes that individuals make.
Specific functions have access to more sensitive and higher risk information assets, and escalated access privileges. These can include Executives, IT, HR and Finance personnel. To help manage the higher risk associated with greater access levels by these functions, we can provide a role or function specific version of our awareness training.
An effective security awareness programme should be ongoing and delivered using a combination of approaches. We can provide you with a managed awareness programme and take responsibility for improving employee knowledge and information security behaviours, with the aim of creating a genuine security culture.
This will help reduce information security risks and reduce the likelihood of a security incident, including a personal data breach. Our awareness programmes are tailored to your specific needs but typically include:
At the outset of the engagement we agree an awareness theme for each quarter, together with specific topics to be covered each month. We can combine information security and data protection awareness programmes if desirable.