(Available also for Customised Training by Duration, Venue & Fee)
Overview
Officer leaves his desk while his computer is running. DG is taking a walk around, sees the computer on, tests it and finds it’s not pass-worded, gets into the email box, sends a mail to himself: “Our DG always acts stupid” and mails it to his own mail address.
DG gets to his office, opens his mail box and calls the HR Manager to read the message from the manager’s email address. The shocked HR Manager called the HOD of the manager. The shocked HOD called the manager to explain why he sent out the insult to the DG. In shock, the manager was shaking. In no time, the news had spread all over the establishment . . .
What the Course Teaches
- Information increasingly digital making it easy to transmit
- Information increasingly digital making it easy to copy and misuse
- Organizations struggling to keep pace with the increasingly stringent laws that protect privacy.
- Un-shredded, discarded memo that leads to security breaches
- Protection of proprietary and/or confidential data that can cause big financial losses.
Course Contents
DAY ONE
Understand and Apply Best Practices to Information Security Matters
- Importance of effective privacy and information security
- Information Security Awareness
- Consequences of information being lost or stolen
- Responsibilities of employees in protecting information
DAY TWO
- How to Recognize What Information that Should Be Protected
- How to handle information appropriately
- Intellectual Property
- How to recognize security breaches and report them
DAY THREE
Technology Risk Management Guidelines
- Important data security practices when using electronic devices
- Identity theft
- Strong passwords
- Online activities
- Mobile security
- Removable devices
- Working remotely
- Malware
- Protecting hidden data (metadata)
- Phishing
DAY FOUR
Physical Security
- Understand the need for organizations to ensure the security of facilities and equipment
- Learn about common work areas and how they must be protected
- Apply best practices to reduce the risk of intrusion and theft
- Changing behaviours and reducing risk
Access Control
- Learn why organizations must control access to their networks and systems
- Understand the processes involved in granting and monitoring access
- Apply best practices to reduce the risk of unauthorized access to information.
The Laws Guiding Privacy
- Client confidentiality
Learning from Red Flags Rule
- Collection personal information
- Suspicious documents
- Suspicious identifying information, such as a suspicious address
- Identification, detection and prevention of Red Flags
DAY FIVE
Information Classification
- Understand why organizations classify their information
- Practice classifying information according to its level of sensitivity
- Apply best practices for handling information according to its classification level
Information Lifecycle
- Understand the value of information to an organization
- Learn how to properly manage information throughout its lifecycle
- Apply best practices for secure information management, including secure data destruction
The Clean Desk Principle
- Understand the importance of keeping unattended work areas clear of sensitive information
- Learn about how to properly ensure the security of documents and portable
- devices
- Apply best practices to reduce the risk of information leakage
