Security awareness

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually.

Topics covered in security awareness training include:

* The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information
* Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements
* Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
* Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication
* Other computer security concerns, including malware, phishing, social engineering, etc.
* Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc.
* Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties

Being Security Aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within our computer systems and throughout our organization. Therefore, it would be prudent to support the assets of our institution (information, physical, and personal) by trying to stop that from happening.

According to ENISA, 'Awareness of the risks and available safeguards is the first line of defence for the security of information systems and networks.'

'The focus of Security Awareness consultancy should be to achieve a long term shift in the attitude of employees towards security, whilst promoting a cultural and behavioural change within an organisation. Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business.'

See also

* Access control
* Physical Security
* Security
* Security controls
* Security management
* ISO/IEC 27002


Web Sites Providing Security Awareness Programs

* Inspired eLearning - 10 course online Security Awareness training program plus posters, screensavers, and a monthly eNewsletter
* SCIPP International - Not-for-Profit On-line Security Awareness and Certification Services
* eLearning Corner - Security Awareness training for employees
* National Digital Services
* Native Intelligence - Security Awareness Courses, Posters, Daily Tips

Wikimedia Foundation. 2010.
