This awareness and training module concerns the information risk and security aspects of portable/pocket computing devices and media - all the usual cybersecurity issues plus those relating to the devices themselves and how they are used.
Treating the information risks relating to portable computing devices requires a combination of procedural, technical and physical controls. The ubiquity of portable devices makes this topic relevant to almost everyone.
- Introduce the subject, explaining the scope and purpose of the awareness topic;
- Discuss the information risks associated with portable computing devices, touching on wireless networking, mobile working, IoT (Internet of Things) and BYOD (Bring Your Own Device);
- Explain the mix of deliberate and accidental threats, the particular vulnerabilities, and the impacts both on the organization and on individuals;
- Describe and promote the corresponding information security controls;
- Motivate workers to take more care over their use of pocket computing devices.
Consider your organization’s learning objectives in relation to the information risk, security, privacy and related aspects of pocket/portable/wearable computing devices. What are (or should be!) management’s key concerns in this domain? Check the incident records and metrics: what kinds of issues or incidents typically affect portable devices? Does the business depend on portable computing? Are there any recent, current or planned initiatives or projects involving portable devices, BYOD, IoT etc.?
Portable ICT security awareness
Use this security awareness and training module to educate and persuade the workforce to take care of portable IT devices and media.