Information Security Awareness Guidelines Document Number: OIL-IS-GUD-ISA

Document Details

Title: Information Security Awareness Guidelines
Document Type: Guideline
Description: This document provides guidelines for setting up information security awareness across the organization.
Version: 2.0
Author: Information Security Manager
Classification: Internal
Review Date: 31.03.2017
Reviewer & Custodian / Approved By: CISO
Release Date: 03.04.2017
Owner: Information Security Council (ISC); CISO
Distribution List Name: Internal Distribution Only

Version History
Version 1.0: 04/03/2015
Version 2.0: 03.04.2017

Internal Page 2 of 6

Table of Contents

1. Purpose ... 4
2. Guidelines ... 4
2.1. Information Security Awareness Program (ISAP) ... 4
2.1.1. Goals and Principles ... 4
2.1.2. Assumptions ... 5
2.2. Information Security Awareness Campaign (ISAC) ... 5
2.2.1. Programs within the ISAC ... 5
2.2.2. Project Development ... 6
2.3. Information Security Training Program (ISTP) ... 6
2.3.1. ISTP Topics ... 6

1. Purpose

The purpose of this document is to provide guidelines for setting up an information security awareness program at the Company. This guideline for the Information Security Awareness Program (ISAP) supports the high-level policy statements defined in the Company's Information Security Policy.

The purpose of the ISAP is to assist all users in becoming more knowledgeable and conscious of their responsibilities in securely generating, using, and maintaining the information assets of the Company. It is the responsibility of the Information Security Manager (ISM) to initiate steps to make all employees aware of those practices which promote secure and sensible information management. The ISAP will provide all employees with the basic knowledge needed to handle data in a secure manner.

The ISAP will consist of the following initiatives:
- Information Security Awareness Campaign (ISAC); and
- Information Security Training Program (ISTP).

Intended Audience

All OIL and contract employees will participate in the awareness campaigns and training programs organized by the Information Security Council (ISC).

2. Guidelines

2.1. Information Security Awareness Program (ISAP)

2.1.1. Goals and Principles

The goal of this program is to change behavior by changing attitudes. This is a program of education and awareness. The program will develop the user's knowledge, skills and abilities so that users can perform their jobs more securely.

The ultimate goal is to ensure that all Company employees appropriately handle and protect all Information Assets. In many cases this means changing the information handling behavior of the employees. The ISAP aims to do this through a systematic program of awareness enhancement and education in secure computing and information handling practices. This program is designed to make users aware of their own attitudes about such practices, as well as to communicate the most appropriate attitudes.

2.1.2. Assumptions

A key consideration for the creation and planning of an ISAP is the time and resources we will commit to such a program. In formulating this program the following assumptions are made with regard to the availability of the Company's employees and the resources needed to execute the program:
- Resources will be made available as required for the development of Company-approved information security training material and training programs;
- The Company's executive leadership will review and support the ISAP.

2.2. Information Security Awareness Campaign (ISAC)

In support of the Company's ISAP, an ISAC will be organized and executed through the office of the Information Security Manager. The content and scope of these programs will be developed by the IT Department and then reviewed and approved by the Information Security Manager.

2.2.1. Programs within the ISAC

Some of the programs that may be implemented by the ISC for instilling security awareness are:

Security Awareness Week: A week designated as Security Awareness Week may be announced and observed with every security awareness project possible. Such a week will act as a focus point to initiate or enhance other projects and to raise employee awareness regarding the importance of information security.

Electronic Mail: Bulletins addressing information security topics may be developed and may include descriptions of security incidents, the possible impact of security breaches, and how an effective security posture can act as an enabler for business operations.

Posters: Posters may be created with information security themes and posted at common meeting locations to heighten user awareness of security issues.

Screensavers: The security awareness project team could develop screensavers to provide and improve information security awareness.

2.2.2. Project Development

The security awareness program team will staff each of these programs as well as any others that are recommended by the ISM or the Company's management. Each project may be presented to the authorities for all required approvals. It is assumed that resources may need to be designated to facilitate the implementation and to offset the cost required for any of the projects listed above.

2.3. Information Security Training Program (ISTP)

In addition to the ISAC, the Company needs more formalized and structured training for users to ensure that they have the knowledge necessary to securely perform their duties. In order to provide an effective and efficient ISAP, the Company may institute an ISTP in components targeted at end users:
- Classroom training sessions on IS are conducted for all new inductees. These sessions are part of the Management Development Program.
- Periodic IS awareness sessions are held targeting different groups of employees of the organization.
- Dos & Don'ts regarding IS are provided as part of the instruction package for every new employee.

2.3.1. ISTP Topics

Topics that may be considered for inclusion in the ISTP include:
- Acceptable policies/guidelines for information technology resources;
- Electronic mail policies/guidelines;
- Internet security issues; and
- Security incident reporting and handling requirements.