ISO 27001 A.8.2.2 Information Security Awareness, Education and Training

Ramaiyer

GM All,

I am a newbie to this forum (1st post) as well as ISO27001. We are implementing ISMS for ISO 27K1 certification for an IT consulting company. I am looking for sample "Information security awareness, education and training". Any PPT or other format that I can customize or use it as a starting point. Any help is appreciated.

Thx
 

Stijloor

Leader
Super Moderator
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

A Quick Bump!

Can someone help?

Thank you very much!!
 

dsheaffe

Involved In Discussions
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Here are a couple of sources that I have used.

www.iso27001security.com has a free toolkit that not only includes training materials but also sample policies/procedures, etc.

Microsoft also has a Security Awareness Toolkit that is free (just search for Microsoft Security Awareness Toolkit and you will find it).

Hope they help.
 
Ramaiyer

Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Thank you
 

Richard Regalado

Trusted Information Resource
> GM All,
>
> I am a newbie to this forum (1st post) as well as ISO27001. We are implementing ISMS for ISO 27K1 certification for an IT consulting company. I am looking for sample "Information security awareness, education and training". Any PPT or other format that I can customize or use it as a starting point. Any help is appreciated.
>
> Thx

Hello Ramaiyer. The starting point is answering this question - "who are you gonna train?" Answer this question and we'll talk further.
 

Richard Regalado

Trusted Information Resource
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

> Here are a couple of sources that I have used.
>
> www.iso27001security.com has a free toolkit that not only includes training materials but also sample policies/procedures, etc.
>
> Microsoft also has a Security Awareness Toolkit that is free (just search for Microsoft Security Awareness Toolkit and you will find it).
>
> Hope they help.

Hi dsheaffe. Thanks for sharing. Did you find my contributions useful on the toolkit? Would like to solicit your feedback in particular the documents that I've shared, if you happen to use any of it. Cheers!
 
Ramaiyer

Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

Thanks Richard for responding. Intended audience are the employees working in areas of company that the scope covers. I have the Toolkit PPT presentation that I will model after, and also I created a training procedure that covers the policies.

Thx again

Ramaiyer
 

dsheaffe

Involved In Discussions
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

> Hi dsheaffe. Thanks for sharing. Did you find my contributions useful on the toolkit? Would like to solicit your feedback in particular the documents that I've shared, if you happen to use any of it. Cheers!

Hi Richard, thank you for making them available. I didn't use any of your documents directly. I like to try and get a number of examples and then build my own based on our needs and the good ideas I get from all my sources, so from that perspective they were certainly handy in looking at options about content and formatting. Thanks again for sharing.
 

Richard Regalado

Trusted Information Resource
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

> Thanks Richard for responding. Intended audience are the employees working in areas of company that the scope covers. I have the Toolkit PPT presentation that I will model after, and also I created a training procedure that covers the policies.
>
> Thx again
>
> Ramaiyer

Sorry Ramaiyer for the delayed response. For your target audience you may consider the following topics:
  • a general overview of information security, the drivers of your organization for information security, how it will benefit the organization, etc.
  • responsibility of the employees towards information security, here you may want to introduce the IS policies you have
  • an overview of the risks specific to the employees working area and their responsibility for risk mitigation
  • an overview of the incident management framework, who to report to, what events/incidents to report, etc.
  • compliance concerns - contractual obligations and obligations under the law and regulatory bodies
 

Richard Regalado

Trusted Information Resource
Re: ISO 20000-1 A.8.2.2 Information Security Awareness, Education and Training

> Hi Richard, thank you for making them available. I didn't use any of your documents directly. I like to try and get a number of examples and then build my own based on our needs and the good ideas I get from all my sources, so from that perspective they were certainly handy in looking at options about content and formatting. Thanks again for sharing.

You are welcome dsheaffe. We have a Google group, with a good mixture of seasoned professionals and newbies, which discusses these things. I can PM you the link on how to join if you are interested.
 