Internet Security Awareness Training

Internet Security Awareness Training (ISAT) consists of the training of members of an organization regarding the protection of various information assets of that organization. Organizations that need to comply with government regulations (i.e. GLBA, PCI, HIPAA, Sarbox) normally require formal ISAT for all employees, usually once or twice a year. Many Small and Medium Enterprises (SME's) do not require ISAT for regulatory compliance, but train their employees to prevent a cyberheist. Internet Security Awareness Training at this point in time is usually provided via online courses. ISAT is a subset of general security awareness Training.

Topics covered in ISAT include:

Being Internet Security Aware means you understand that there are people actively trying to steal data that is stored within your organization's computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.) That is why it is important to protect the assets of the organization and stop that from happening.

According to Microsoft,

The focus of ISAT is to achieve an immediate and lasting change in the attitude of employees towards Internet Security, making it clear that security policies and Acceptable Use policies are vital for the survival of the organization, and not as rules that restrict the employee being efficient at work.

Security awareness training for employees is one of the most effective means of reducing the potential for costly errors in handling sensitive information and protecting company information systems. Training can be conducted through a number of means and certain approaches are more effective than others:

Security Awareness Training can ensure personnel have a solid understanding of their employer’s security practices and policies. In contrast, an uninformed employee is susceptible to malware, phishing attacks, and other forms of social engineering. They can do substantial harm to an organization’s systems and place its data at risk.

Key aspects of any awareness training program should include the following:

See also

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.