IT Security Awareness Training for Employees to follow ISO/IEC 27001 & 27002 and facilitate Audits
Online training or Intranet-based Learning Management Systems (LMS) are two approaches to implement regular and accountable IT security awareness training for employees. This is true for companies of all sizes and all departments. One can find reliable, comprehensive courses for general Computer, Internet and E-Mail users as well as developers or project managers. Using e-learning approaches offers executives to monitor and document the learning progress and success of their employees easily and thus prove in security audits that adequate IT and information security awareness training for employees has been conducted.
Both ISO/IEC 27001 and ISO/IEC 27002 require security awareness training for all employees to follow a certification. ISO/IEC 27001 explicitly mentions the requirement for training and awareness measures related to information security. Annex A, part "control measures," references training and awareness of employees. One of the key requirements is that “all employees handling information must be informed and trained about the risks and necessary measures to ensure they perform their duties with security awareness”. Moreover, section A.7.2.2 specifies that employees should be aware of the organization's information security policies and procedures. Regular training should be provided to ensure they stay informed about current threats and risks.
ISO/IEC 27002 emphasizes the importance of security awareness programs and recommends conducting regular training to foster awareness among employees. Section 7.2.2 explicitly states the requirement that all employees, including management and external parties, should regularly receive training and awareness programs on information security. These programs should ensure that security awareness is reinforced within the organization and that employees are aware of security risks.
Organizations are expected to ensure that all employees are regularly trained to promote security awareness and behavior. This is true for companies of all sizes, of course also when your enterprise does not strive for an ISO certification. Frank Hissen offers online security awareness training courses for:
These courses are available for LMS in the SCORM format for Intranet offline use and on Udemy (Business).
In case of playback problems, you can also find the video on YouTube.
About Frank Hissen
Computer Scientist Frank Hissen has over 25 years experience in IT and software projects. He is a self-employed consultant for enterprises and companies of all sizes with a specialization in application security & compliance as well as cryptography/encryption.
Alternative Keywords
IT Security Awareness, ISO/IEC 27001, ISO/IEC 27002, IT/Information Security, Online Learning, Enterprise, Business, Office, Organisation, Institution, Company, e-Learning, Life Long Learning, Courses, Seminars, Video Online Course
Categories: News IT Security Background articles
Comments
Post your comment
Share
If you like this page, it would be a great thing if you share it with others: