This module focuses on exploiting and protecting valuable information in a broad range of working situations - not just traditional offices but workers in other locations and situations such as:
- Farms, mines, trawlers … primary production facilities;
- Factories and workshops;
- Warehouses and distribution centers;
- Shops and other retail outlets;
- Construction sites, engineering projects;
- Schools, colleges, universities, conferences, lecture theaters & TV studios;
- Research laboratories, surgeries, wards and operating theaters;
- Private offices, cubicles and open-plan offices, including hot-desking;
- Home working varying from a corner of the kitchen table to a purpose-built plush home office;
- Vehicles e.g. cars, trucks, trains, planes, cabs, buses, bikes;
- On-the-go using portables e.g. laptops, tablets, smartphones and wearables;
- (Semi-)public areas e.g. bank tellers, receptionists, libraries and facilities with frequent or permanent visitors (e.g. on-site customer support teams).
- Working in temporary or make-shift offices e.g.:
- Cafés and restaurants;
- Customer sites plus those of suppliers, partners and advisors;
- Waiting rooms including departure lounges at ports;
- Hotel rooms, business centers and lobbies;
- Rent-an-office and similar shared commercial spaces or facilities;
- Using rented, borrowed, used or other potentially untrustworthy IT equipment.
- Working ‘at the front line’, perhaps even behind enemy lines (in a military or commercial sense) in untrustworthy places or countries such as China, Russia and the US where the authorities are known to snoop, especially on powerful foreigners;
- Collaborative online working (virtual teams);
- Audio/video conferencing including desktop Skype or speakerphone as well as dedicated videoconference facilities;
- Working online, connected over networks (typically but not necessarily the Internet) to the organization's IT systems, data and applications, including cloud services;
- Working offline, using IT or not;
- Working the usual 9-to-5 or 'out of hours', often alone and under stress.
Where and how we work is clearly varied hence the information risks are equally varied, but there’s a unifying theme: we are concerned with information risks in the physical domain and the work context.
The workplace infosec module is intended to:
- Introduce the topic, providing general context and background information (see above!);
- Expand on the associated information risks and controls, particularly physical controls, to secure various IT systems, data storage media and network/communications facilities, plus non-IT information assets e.g. papers and knowledge … which brings in health and safety for workers (no, we’re not offering a health and safety awareness service but it’s a peripheral issue worth a brief mention).;
- Stimulate workers to behave securely e.g. noticing, challenging and/or reporting unaccompanied visitors, logging-off or screen-locking systems and clearing desks before wandering off, being discreet when working in public spaces, taking care over wireless networking, and being extra cautious in hostile environments and challenging situations.
Think about your learning objectives in relation to workplace information security (infosec). Are there any specific organizational concerns or business angles to it?
Workplace infosec awareness
Raise awareness of the information risks and security controls appropriate to a wide variety of 'workplaces' - both conventional offices and unconventional areas.