ISMS Training

ISO/IEC 27001:2013 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Like many other management systems, ISO 27001 is based on the Plan-Do-Check-Act approach.

Worldwide, organizations implement and maintain ISO 27001 information security management systems (ISMS) to keep crucial information assets secure. The standard outlines a risk management process involving people, processes and IT systems, thereby providing a holistic approach to information security.

Staff awareness training is one of the most effective ways of preventing data breaches The Standard recognizes that, although technological defences are essential, their use is limited if employees make careless mistakes. There’s nothing technology can do if someone finds an employee’s password on a scrap of paper or if an employee loses a briefcase containing sensitive information. To prevent these kinds of mistakes, ISO 27001 mandates that organizations hold regular staff awareness training tackling a variety of information security issues. 

Control 7.2.2 of ISO/IEC 27001 ISMS standard requires organizations to conduct the regular staff awareness training. CyberSRC^® has a service of providing employee/staff awareness training in accordance with the ISO 27001 ISMS standard.

The awareness training that CyberSRC^® provides is customisation according to the organizations that avail the services. 

• To understand key concepts of information security.
• Understand what is information, information security and information security management system.
• Understand the 3 main pillars of information security (CIA triad)
• Understand the benefits of information security
• Understand what is a control and its types.
• Understand the ISMS framework and key information security policies.
• Understand information security industry best practices to be followed

1. 1. Identify What Staff Need To Learn: Information is accessed and used in a variety of ways across the organization. CyberSRC^® tries to understand as to how the employees are accessing and using the information and evaluate what the employees need to know.
   2. Train Your Staff: Once CyberSRC^® has evaluated the organization, an effective curriculum will be formulated and trainer will be employed to deliver the lessons.
   3. Measure The Training’s Effectiveness: it’s no good training staff if they don’t retain the information. After the completion of training, the employees will be provided with the questionnaire to evaluate the understanding that they received from the trainings.