Thursday, May 21, 2020
Information Security And Training And Awareness - 1215 Words
Information Security

Role of training and awareness

Why is training important?

Information security is the practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Building an Information Security Management System (ISMS) within an organization would be incomplete without ongoing training and awareness of systems, which is essential to embed the principles of the ISMS within the organization. The Training and Awareness procedure relates to the training and awareness activities undertaken at the organization, to ensure all employees are aware of their respective roles and responsibilities towards information… Maintain records of education, training, skills, experience and qualifications.

Applicability

Core Employees: Employees who are part of ISMS roles, who define and own policies and procedures and promulgate them across the organization. They also ensure compliance with all such policies and procedures. Examples of core employees are the ISMC and the CISO.

Apply Employees: Employees who are part of ISMS roles and are responsible for ensuring compliance with ISMS  BCMS policies and procedures. They also report compliance with all ISMS  BCMS policies and procedures to the IS Management Committee. Examples of Apply employees are members of the IS Working Group.

Comply Employees: Employees who receive information on the ISMS steps they have to implement, and who then implement those steps.

Training and awareness exercises shall be conducted for the following roles, as defined in the respective ISMS governance model:

i. CEO
ii. IS Management Committee
iii. Chief Information Security Officer (CISO)
iv. IS Management Representative
v. Functional Planner
vi. IS Working Group
vii. Internal Auditor
viii. Facility Manager
ix. Floor Warden

All employees

What is the impact of new policies?
IT Act - Information Security Requirements

i. Information Security Policies and Procedures
ii. ISMS awareness material
iii. ISMS training calendar
iv. Procedure around user sign-off on IS policies and procedures and other relevant declarations
v. Records of such sign-offs