Sample Ongoing Security Awareness Standard:: Difference between revisions

Revision as of 16:24, 23 January 2014

Sample Employee Ongoing Security Awareness Standard

This Employee Ongoing Security Awareness Standard builds on the objectives established in the Security Awareness Policy, and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees.

Objectives

General
1. All Company employees should receive the appropriate Information Security awareness training on an annual basis.
2. Effective combinations of the following security awareness materials and techniques should be used to promote and reinforce Company information security objectives:
  1. Electronic mail reminders
  2. Logon banners with security message of the day
  3. Security awareness contests
  4. Security Posters
  5. Company newsletter
  6. Booklets and handouts
3. All Company employees should be made aware of the certain security-related issues as they occur including but not limited to:
  1. Virus alerts, hoaxes, and approved Company responses
  2. Social engineering techniques
  3. Security topics of interests
4. Asset Owners, Asset Custodian, Information Technology personnel, and Information Security staff should receive ongoing security training that covers emerging risks to sensitive Company information assets and the latest security trends.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.

Employee Ongoing Security Awareness Standard page one of five.
Employee Ongoing Security Awareness Standard page two of five.
Employee Ongoing Security Awareness Standard page three of five.
Employee Ongoing Security Awareness Standard page four of five.
Employee Ongoing Security Awareness Standard page five of five.

@@ Line 1: / Line 1: @@
-==Document History==
+==Sample Employee Ongoing Security Awareness Standard==
+This Employee Ongoing Security Awareness Standard builds on the objectives established in the [[Sample_Security_Awareness_Policy:|'''Security Awareness Policy''']], and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees.
+==Objectives==
+# '''General'''
+## All Company employees should receive the appropriate Information Security awareness training on an annual basis.
+## Effective combinations of the following security awareness materials and techniques should be used to promote and reinforce Company information security objectives:
+### Electronic mail reminders
+### Logon banners with security message of the day
+### Security awareness contests
+### Security Posters
+### Company newsletter
+### Booklets and handouts
+## All Company employees should be made aware of the certain security-related issues as they occur including but not limited to:
+### Virus alerts, hoaxes, and approved Company responses
+### Social engineering techniques
+### Security topics of interests
+## Asset Owners, Asset Custodian, Information Technology personnel, and Information Security staff should receive ongoing security training that covers emerging risks to sensitive Company information assets and the latest security trends.
 <br>
-{| id="table1" width="100%" border="1"
-| bgcolor="#C0C0C0" | '''Version'''
+==Document Examples==
-| bgcolor="#C0C0C0" | '''Date'''
+Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br>
-| bgcolor="#C0C0C0" | '''Revised By'''
-| bgcolor="#C0C0C0" | '''Description'''
-|-
-| 1.0
-| 1 January 2010 <Current date>
-| Michael D. Peters '''<Owners's name>'''
-| This version replaces any prior version.
-|}
-<br>
-==Document Certification==
-<br>
-{| id="table1" width="100%" border="1"
-| bgcolor="#C0C0C0" | '''Description'''
-| bgcolor="#C0C0C0" | '''Date Parameters'''
-|-
-| '''Designated document recertification cycle in days:'''
-| 30 - 90 - 180 - '''365''' '''<Select cycle>'''
-|-
-| '''Next document recertification date:'''
-| 1 January 2011 '''<Date>'''
-|}
 <br>
+<gallery>
+Image:Employee Ongoing Security Awareness Standard.png|Employee Ongoing Security Awareness Standard page one of five.
+Image:Employee Ongoing Security Awareness Standard(1).png|Employee Ongoing Security Awareness Standard page two of five.
+Image:Employee Ongoing Security Awareness Standard(2).png|Employee Ongoing Security Awareness Standard page three of five.
+Image:Employee Ongoing Security Awareness Standard(3).png|Employee Ongoing Security Awareness Standard page four of five.
+Image:Employee Ongoing Security Awareness Standard(4).png|Employee Ongoing Security Awareness Standard page five of five.
+</gallery>
-=='''Sample Ongoing Security Awareness Standard'''==
-<br>
-The '''<Your Company Name>''' (the "Company) [[Sample Security Awareness Policy:|'''Sample Security Awareness Policy''']] defines objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br>
-<br>
-This Ongoing Security Awareness Standard builds on the objectives established in the [[Sample Security Awareness Policy:|'''Sample Security Awareness Policy''']], and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees.<br>
-<br>
-=='''I. Scope'''==
-<br>
-All Company employees who have been granted access to Company information or systems are covered by this standard and must comply with associated guidelines and procedures.<br>
-<br>
-'''Asset Owners''' refers to the managers of organizational units that have primary responsibility for information assets associated with their functional authority.<br>
-<br>
-'''Asset Custodians''' refers to the managers, administrators and those designated by the Asset Owner to manage, process, or store information assets.<br>
-<br>
-'''Information assets''' are defined in the [[Sample Asset Identification and Classification Policy:|'''Sample Asset Identification and Classification Policy''']].<br>
-<br>
-=='''II. Requirements'''==
-<br>
-:'''A. General'''<br>
-<br>
-:1. All Company employees should receive the appropriate Information Security awareness training on an annual basis.<br>
-<br>
-:2. Effective combinations of the following security awareness materials and techniques should be used to promote and reinforce Company information security objectives:<br>
-<br>
-::*Electronic mail reminders<br>
-::*Logon banners with security message of the day<br>
-::*Security awareness contests<br>
-::*Security Posters<br>
-::*Company newsletter<br>
-::*Booklets and handouts<br>
-<br>
-:3. All Company employees should be made aware of the certain security-related issues as they occur including but not limited to:<br>
-<br>
-::*Virus alerts, hoaxes, and approved Company responses<br>
-::*Social engineering techniques<br>
-::*Security topics of interests<br>
-<br>
-:4. Asset Owners, Asset Custodian, Information Technology personnel, and Information Security staff should receive ongoing security training that covers emerging risks to sensitive Company information assets and the latest security trends.<br>
-<br>
-=='''III. Responsibilities'''==
+[[file:Employee Ongoing Security Awareness Standard.png]]
-<br>
+[[file:Employee Ongoing Security Awareness Standard(1).png]]
-The Chief Information Security Officer (CISO) approves the Ongoing Security Awareness Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Ongoing Security Awareness Standard.<br>
+[[file:Employee Ongoing Security Awareness Standard(2).png]]
-<br>
+[[file:Employee Ongoing Security Awareness Standard(3).png]]
-Company management is responsible for ensuring employees within their area of responsibility cooperate with Company security awareness and training efforts; ensuring that employees within their area of responsibility receive ongoing Information Security awareness and training in accordance with the [[Sample Security Awareness Policy:|'''Sample Security Awareness Policy''']] and associated standards and guidelines; and ensuring the effective communication of relevant security issues with the Information Security Department.<br>
+[[file:Employee Ongoing Security Awareness Standard(4).png]]
-<br>
-=='''IV. Enforcement and Exception Handling'''==
-<br>
-Failure to comply with the Ongoing Security Awareness Standard and associated guidelines and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.<br>
-<br>
-Requests for exceptions to the Ongoing Security Awareness Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Ongoing Security Awareness Standard.<br>
-<br>
-=='''IV. Review and Revision'''==
-<br>
-The Ongoing Security Awareness Standard will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br>
-<br>
-Approved: _______________________________________________________<br>
-<br>
-::Signature<br>
-<br>
-::<Insert Name><br>
-<br>
-::Chief Information Security Officer<br>
-<br>

Sample Ongoing Security Awareness Standard:: Difference between revisions

Revision as of 16:24, 23 January 2014

Sample Employee Ongoing Security Awareness Standard

Objectives

Document Examples

Navigation menu

Search