This programme can run as an online or classroom training
(Available also for Customised Training by Duration, Venue & Fee)
Overview
An officer leaves his desk while his computer is running. The DG, taking a walk around, sees the computer on, tests it and finds it is not password-protected. He gets into the email box and sends a mail to his own address: “Our DG always acts stupid”.
The DG gets to his office, opens his mailbox and calls the HR Manager to read the message from the manager’s email address. The shocked HR Manager calls the manager’s HOD. The shocked HOD calls the manager to explain why he sent the insult to the DG. The manager is shaking with shock. In no time, the news has spread all over the establishment . . .
What the Course Teaches
Information is increasingly digital, making it easy to transmit
Information is increasingly digital, making it easy to copy and misuse
Organizations are struggling to keep pace with the increasingly stringent laws that protect privacy
Unshredded, discarded memos that lead to security breaches
Protection of proprietary and/or confidential data whose loss can cause big financial losses
Course Contents
DAY ONE
Understand and Apply Best Practices to Information Security Matters
Importance of effective privacy and information security
Information Security Awareness
Consequences of information being lost or stolen
Responsibilities of employees in protecting information
DAY TWO
How to Recognize What Information Should Be Protected
How to handle information appropriately
Intellectual Property
How to recognize security breaches and report them
DAY THREE
Technology Risk Management Guidelines
Important data security practices when using electronic devices
Identity theft
Strong passwords
Online activities
Mobile security
Removable devices
Working remotely
Malware
Protecting hidden data (metadata)
Phishing
DAY FOUR
The Laws Guiding Privacy
Client confidentiality
Learning from Red Flags Rule
Collection of personal information
Suspicious documents
Suspicious identifying information, such as a suspicious address
Identification, detection and prevention of Red Flags
DAY FIVE
Information Classification
Understand why organizations classify their information
Practice classifying information according to its level of sensitivity
Apply best practices for handling information according to its classification level
Information Lifecycle
Understand the value of information to an organization
Learn how to properly manage information throughout its lifecycle
Apply best practices for secure information management, including secure data destruction
The Clean Desk Principle
Understand the importance of keeping unattended work areas clear of sensitive information
Learn how to properly ensure the security of documents and portable devices
Apply best practices to reduce the risk of information leakage
Physical Security
Understand the need for organizations to ensure the security of facilities and equipment
Learn about common work areas and how they must be protected
Apply best practices to reduce the risk of intrusion and theft
Changing behaviours and reducing risk
Access Control
Learn why organizations must control access to their networks and systems
Understand the processes involved in granting and monitoring access
Apply best practices to reduce the risk of unauthorized access to information.