Information Security is a general term used to describe the measures an organization takes to protect the confidentiality, integrity and availability (CIA) of sensitive or confidential information. Information security awareness training is an essential element of any organization’s information security program. Its purpose is to equip staff with the knowledge necessary to help protect the organization’s assets, including client and personnel information. However, some information security awareness training programs barely provide the necessary information to be considered an effective means of ensuring employees understand not only how to protect the organization’s information but why it is important to protect that information.
This white paper provides an overview of how organizations can develop effective curriculum for information security awareness training programs.