Skills for Security have introduced the ISO 27001 standard to their courses on information security. The Worcester-based skills body is delivering two courses: a one-day introduction to the information security management standard, and a two-day ISO 27001 implementation course. Both are designed to enable companies to train their staff and adopt a best-practice approach to information security management across their business.
The greatest security threat faced by most companies today is not from outside attacks but from insider threats, malicious or unintentional, SfS says. Companies generally protect themselves from outside attacks such as spam or phishing emails, cyber-attacks and hackers, but 2015 reports from IBM state that some of the biggest data breaches of the last 18 months are known to have been caused by insider threats, with 95pc of insider breaches being the result of unintentional human error. Insider threats from employees can vary in their form, and accidental breaches may come from posting sensitive information on the company’s website or social media, sending information to the wrong party via email, fax, or mail, or improperly disposing of clients’ records.
Even those with the best of intentions could lose information saved on a USB stick or inadvertently aid in an attack by clicking on a malicious link sent in a phishing email when opening it on their phone. There are many ways to reduce the risk or threats to a business, but to reduce those of insider breaches, staff awareness and training is essential to ensure that employees are fully aware of the potential security threats they face.
The ISO 27001 one-day introduction will enable learners to understand the standard, help them to improve their management processes and prepare their business for growth through achieving ISO certification.
The two-day course will enable learners to produce a high-level project plan which identifies timescales, milestones and resource requirements to implement robust information security processes, and is aimed at those who are complying with or certifying to ISO 27001, or are planning to.