Security Awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and information assets of that organization or ones that are entrusted to by its clients or partners.
Increasingly hostile marketplace and the fact that we have become totally reliant on Information Technology present an important challenge for business governance today. Once a Company establishes its Security Governance, knowledge of it should effectively be communicated to staff so that corporate security policies and standards are known throughout its enterprise.
Knowledge awareness should primarily be disseminated by the members of the Security Governance Committee, Senior Leaders and via a security education program. Security Education Program gives meaning to the security policies and standards by translating them into practical direction intended to change human behaviour to provide an improved corporate security posture.
An organization that wishes to minimize its security exposure must be committed to educate all employees of the potential security risks to the corporate enterprise. Being security aware, means employees understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout the organization.
The goal of security education is to ensure staff know or reasonably ought to know their responsibilities to protect information, systems and other corporate assets. A robust and enterprise wide security education is paramount for ensuring that employees understand their security roles and responsibilities, corporate policies, and how to use and protect the computational resources.
Information Security is everyone's business - where all employees have a role to play in embedding security governance and to ensure that an effective Security Education Program is adopted enterprise wide.
RSS Inc. offers a Security Education Program (SEP) Service that caters to our client's needs. Our seasoned professionals have developed Security Education artefacts in various industry sectors from conceptual to implementation stages and they are in full compliance with our client's industry applicable requirements.
The three parts of our Security Educational Program are:
Security Awareness - Informing users of their information security responsibilities
by providing descriptions and responsibilities of their roles related to the organizational
mission; Utilizing campaigns in raising awareness towards different topics.
Security Training - Disseminating and providing explanations of the organization’s
information security policies, standards, and practices.
Security Education - Online computer based training (CBT) and/or in-class customized
courses that are customized for technical or business audience.
RSS Inc. SEP solution will serve as an on-going information security reference guide for all employees so that they will have an understanding of information security issues and to increase overall corporate security awareness. The main purpose of SEP is to bring information security into the forefront and to make it a recognized and better understood entity for all employees. The overall goal is to disseminate information about security and provide compliance to corporate Security Governance.
RSS Inc. team will work in tandem with our client assigned team throughout the entire engagement thus ensuring the knowledge sharing.
There are times when companies do not have the resources or internal knowledge to develop a Security Education Program. By engaging the RSS Inc. team for short-term outsourcing assistance, it will enable companies to utilize seasoned professionals to establish practice that will quickly embed the idea that ‘security is everyone's business’ into the corporate mentality.
The solution customized training will educate employees on how to identify, how-to and to whom to report the security concerns and breaches. The outcome of customized campaigns, brochures, posters and information sessions will help clients and their employees better understand the role and importance of Security Governance, how it applies to her/his role and compliance to it, within the organization.
By bringing the external experience to the table, our clients will be in the position to shorten the information security governance maturing phase.
RSS Inc. team will provide mid and long-term plans containing milestones for implementing Security Education Program practice and related processes.