This awareness and training module concerns conceptual or architectural frameworks, standards, methods and good practices in the area of information risk and security – ‘security frameworks’ or ‘frameworks’ for short.
Both the organisation and individual workers are obliged to comply with various rules concerning information security. Some rules are imposed by external authorities in the form of laws and regulations; others are self-imposed through corporate policies and procedures, contracts etc.
There are numerous laws and regulations relating to information security, far too many to cover in detail. The same is true of corporate security policies, procedures etc. The module therefore provides a sound platform or starting point: please customise it to reflect your specific situation.
- Introduce the topic, explaining what security frameworks are and why they are both relevant and valuable to the organisation;
- Outline legal and regulatory compliance obligations relevant to information security;
- Outline a variety of public security frameworks such as the ISO27k and NIST SP800 series standards, ITIL, OWASP, CSA, CSF and others;
- Promote the adoption of good security practices from a variety of sources;
- Promote the use of structured and systematic methods and approaches to information risk and security management, secure systems development, business process engineering etc. in general, blending corporate with public frameworks where appropriate;
- Stimulate people to think – and most of all act – more securely.
Security frameworks awareness
An awareness and training module about laws, rules, regulations, agreements and good practices relevant to information risk and security, privacy etc.