Training and awareness
Information security and governance is not just technical jargon. With proper training and awareness, Information Security should be considered everyone’s responsibility.
First steps to raise your security awareness
The College has been working with IS to provide a comprehensive introduction to security to all members of staff.
It is part of the induction for new staff and it would be highly beneficial for those already holding a position.
Although this course is promoted by IS, security governance is not a technical matter but an organizational one. The course will help to increase your security awareness, and its completion is considered due care.
Being the victim of a cyber-attack not only puts us through an upsetting or embarrassing situation; it could also entail some legal consequences. Some of you might have heard about them but consider them unrelated to your regular duties. This could not be further from the truth.
There are many other useful resources that could help to increase our security awareness. Information Services provide us with very useful information about security.
It is very helpful to know what the ICO has to say about educational institutions.
In the College we are aware that security does not end in our office. Most of us use digital devices, produce and consume data and access different services outside the University.
The UK Government has created a website which helps us to digitally secure our lives.
Universities are among the places where the most intellectual property and sensitive data are used, gathered, and produced, and the loss or leakage thereof could not only affect the reputation of the University but also lead to considerable fines.
A substantial number of worldwide cyberattack maps have placed higher education institutions among the top five reported industries, even ahead of governments.
The College Security Training Plan for technical staff
The College believes that relevant security training enables staff to perform their duties securely. Some detailed in-house training with hands-on instruction could help those who are in a more technical role.
The College training plan is a long-term project that focuses on those who support users. Although they are generally more aware, technical staff also pose an additional risk, as their accounts often carry elevated privileges; there is therefore a need to train our technical staff as part of our work plan.
CHSS has decided to tackle what has been identified as the most appropriate plan of information security training and certification for its technical staff, primarily understanding the needs of each school and keeping in mind a wider picture of the security requirements across the University.
We have used a tiered or layered approach to complete this task. We have divided the training into technical levels:
- a foundation level for junior technical staff,
- practical or hands-on training for senior or skilled staff,
- training for those who are in management positions,
- and finally another scheme for the College SIRO.
Once all of these staff members are trained, they could easily be assigned to the strategic, tactical, and operational levels upon demand.
The College has found the following courses the most appropriate for each of the levels.
Every training course normally has the option of a certification, but we would like to make clear that this is completely optional.
It is up to the line manager to discuss this with his/her staff. Above all, the final decision rests with the staff member who has been assigned to attend a particular course, or who has requested the training him/herself.