140 items found
- ISO27k templates, security policies, awareness | SecAware | New Zealand
Implementing an ISO 27001 I nformation S ecurity M anagement S ystem? ISO/IEC 27001:2022 specifies a governance framework and good practices for managing information risk and security Sec Aware provides top-quality ISMS toolkits , policies and awareness materials: valuable creative content at great prices Check out our black Friday SALE About Shop Specials
- About | SecAware | New Zealand
About you You are busy running the show, juggling priorities and trying to keep everyone happy. Under pressure to comply with GDPR, HIPAA, PCI-DSS, ISO27k, SP800-53 and more, you're concerned about cyber incidents, especially those that haven't even been detected and reported yet. Management demands action : they're not exactly clear what that might be, but you'd better be sharp about it ! You're looking for an approach that is both effective and pragmatic, given finite resources and competing priorities. Your fellow workers (staff and management) are busy too, focused on anything but information risk and cybersecurity it seems. Lacking knowledge and attention, they are vulnerable to phishing, Business Email Compromise, ransomware and a million other threats. Security to them is largely an annoyance, an obstacle, a pain in the rear. They have More Important Things To Do . To make progress, you need to catch their eyes and change their attitudes. Aside from simply informing your colleagues about information security threats and policies, the challenge is to get people to think and behave more securely , avoiding risky decisions and actions. The first step is to convince your managers that a 'management system' or 'governance framework' for information risk and security management is more than just good practice. It gives management the information and levers necessary to direct, guide and monitor information security, supporting and enabling the achievement of business objectives relating to the protection and legitimate exploitation of information. We help you succeed . Find out about us ... or cut to the chase and shop for the materials to build your ISO/IEC 27001 I nformation S ecurity M anagement S ystem including sensible policies and motivational awareness content . We'll get you up and running in no time with top-quality materials at unbeatable prices.
- Audiences | SecAware
About your audiences It makes little sense to blast out awareness and training content without first understanding your audiences, their perspectives and their information needs. To that end, Sec Aware materials are designed to appeal to the following three corporate audiences: 1. Workers in general (everyone!) Persuading workers to participate willingly in your information risk, security, privacy and compliance activities takes more than just policies and management edicts. Workers need to understand what is expected of them, and be sufficiently motivated to act accordingly. Top quality, professionally crafted security policies and other awareness and guidance materials are key. For the general audience, the materials take the individual's perspective, addressing their self-interests, their families and personal lives, as much as their working roles. 2. Managers Management sets the tone for your organization. Without management’s understanding and support, information security is doomed. Getting senior and general management on-board with information risk and security is the quickest and most powerful - if not the only - way to influence your corporate culture. Content for the management audience revolves around the business perspective: how does information security support and enable the business? What is its commercial value? What are the compliance imperatives, the strategic and policy options? How should information risk and security management people be structured and directed? There are governance as well as information risk and security management aspects here. 3. Professionals Various experts are typically involved in designing, implementing, operating and managing the organization's information risks and the security arrangements. Despite their specialist knowledge in areas such as IT, risk management, HR, physical security and compliance, information security presents unique challenges. Sometimes even the professionals need guidance and support. Sec Aware helps them understand the issues and options, get to grips with the technology, and get things on-track. Think about it: would you let an untrained mechanic work on your car brakes? All three audiences are addressed in the Sec Aware content - for instance, each Sec Aware awareness module covers the same topic from their distinct perspectives. We plant the seeds, leading the audiences to consider and discuss information security, exploring their common interests and (in some cases) points of difference. Overall, Sec Aware, in conjunction with you and your employees, brings the content to life, lifting it off the page or screen. Gradually those seeds germinate, security becoming simply 'what we do around here', an integral and vital part of the corporate culture.