ISO 27001 A.8.2.2 Information Security Awareness, Education and Training

Ramaiyer

#1
GM All,

I am a newbie to this forum (1st post) as well as ISO27001. We are implementing ISMS for ISO 27K1 certification for an IT consulting company. I am looking for sample "Information security awareness, education and training". Any PPT or other format that I can customize or use as a starting point. Any help is appreciated.

Thx
 
Stijloor

Staff member
Super Moderator
#2
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

A Quick Bump!

Can someone help?

Thank you very much!!
 

dsheaffe

Involved In Discussions
#3
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Here are a couple of sources that I have used.

www.iso27001security.com has a free toolkit that not only includes training materials but also sample policies/procedures, etc.

Microsoft also has a Security Awareness Toolkit that is free (just search for Microsoft Security Awareness Toolkit and you will find it).

Hope they help.
 

Richard Regalado

Trusted Information Resource
#5
Hello Ramaiyer. The starting point is answering this question - "who are you gonna train?" Answer this question and we'll talk further.
 

Richard Regalado

Trusted Information Resource
#6
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Hi dsheaffe. Thanks for sharing. Did you find my contributions useful on the toolkit? Would like to solicit your feedback in particular the documents that I've shared, if you happen to use any of it. Cheers!
 
Ramaiyer

#7
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Thanks Richard for responding. The intended audience is the employees working in areas of the company that the scope covers. I have the Toolkit PPT presentation that I will model after, and also I created a training procedure that covers the policies.

Thx again

Ramaiyer
 

dsheaffe

Involved In Discussions
#8
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Hi Richard, thank you for making them available. I didn't use any of your documents directly. I like to try and get a number of examples and then build my own based on our needs and the good ideas I get from all my sources, so from that perspective they were certainly handy in looking at options about content and formatting. Thanks again for sharing.
 

Richard Regalado

Trusted Information Resource
#9
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Sorry Ramaiyer for the delayed response. For your target audience you may consider the following topics:
  • a general overview of information security, the drivers of your organization for information security, how it will benefit the organization, etc.
  • responsibility of the employees towards information security, here you may want to introduce the IS policies you have
  • an overview of the risks specific to the employees' working area and their responsibility for risk mitigation
  • an overview of the incident management framework, who to report to, what events/incidents to report, etc.
  • compliance concerns - contractual obligations and obligations under the law and regulatory bodies
 

Richard Regalado

Trusted Information Resource
#10
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

You are welcome dsheaffe. We have a Google group, with a good mixture of seasoned professionals and newbies, which discusses these things. I can PM you the link on how to join if you are interested.
 