IT Induction and Information Security Awareness
eBook - ePub

IT Induction and Information Security Awareness

A Pocket Guide

  1. 51 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

IT Induction and Information Security Awareness

A Pocket Guide

About this book

Where your information security is concerned, prevention is better than cure.

If you want to tackle the problem of information security, you cannot rely on the help of technology alone. Information security breaches tend to occur as a result of human, as well as technological, failings. However, the human factor usually receives far less attention. Training

Computer systems are complex, so people who work with them often need to be trained in how to use them correctly. This applies especially to your company's information security. The loss of a memory stick by a careless employee, or the downloading of a file that contains a virus, may be all it takes to cause a security breach.

Practical advice

This book offers you practical advice on how to develop an IT Induction programme for your staff that can help safeguard your business information. By providing your employees with simple instruction in good IT working practices, and by making sure they know what is expected of them, you can strengthen your company's information security and reduce the risk that your data will be stolen or lost.

A sense of responsibility

Encouraging good corporate working and a strong sense of responsibility are, the author argues, essential for the protection of your business information. She shows you how to strike the right balance in your approach to staff training, thereby enabling you to provide your employees with an IT Induction that is at once informative and accessible.

Benefits to business include:

  • Reduce the likelihood of a damaging security breach. Putting in place a programme of IT Induction will help ensure that your company's staff are following information security best practice. Educating employees in good IT working practices will help them to avoid the errors that might otherwise put your organisation at risk.
  • Protect the company's reputation. The damage an information security breach can do to your business goes beyond the initial cost of clearing up the mess. Without proper staff training, the danger is that theft or loss of data will damage your company's reputation. You need to provide your staff with a proper IT Induction in order to preserve good relations with your customers.
  • Avoid legal complications. IT offers business new, less formal means of communication. Employees write e-mails in a different style from the way they write letters. However, contracts can be made or broken via e-mail, and e-mail correspondence can be cited in litigation. An IT Induction programme will give your staff the appropriate guidance on e-mail communication with the clients or business partners of your company.
  • Manage employee working practices. Laptop computers and broadband mean that for many employees, the boundaries between work and home are becoming blurred. If you allow your staff to mix and match between working in the office and working from home, you need to make sure they know what they have to do to safeguard your firm's data both inside and outside the office.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access IT Induction and Information Security Awareness by Valerie Maddock in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

CHAPTER 1:
PUTTING IT INDUCTION IN PERSPECTIVE

Do you find the terms IT Induction and IT Introduction being used interchangeably? If yes, then it is also likely that you will have new employees in your organisation who, being IT competent, are wondering why they need to attend an IT Introduction programme, and are most likely raising objections at such a proposition. Understandably so. If you are not experiencing a conflict of these terms then you are in an enviable position.

To explain:

Introduction is about a first experience of a subject or activity, so you would expect an IT Introduction programme to focus on instruction on how to use IT, a skills-based training event for instance, and unlike induction, an introduction has a conclusion, an end point.
Induction on the other hand is less open and closed because it is educational in nature and focuses on expected behaviour as much as it does on sharing knowledge, and has little relationship to IT competencies. The aim of any induction process is to help new employees make a smooth and informed transition to their new workplace, ensuring all the basic information they need is available to them, so they are in a position to adapt quickly to their new role.
This pocket guide refers therefore to IT Induction as an educational programme or activity that informs staff within an organisation about the IT3 facilities and services available to them, brings their attention to current IT policies and guidelines, and emphasises individual responsibilities through good working practices.

So what is the relationship between IT Induction and Information Security Awareness?

Information Security is fundamentally about safeguarding information, and is based on the CIA principles:
ā€¢ Confidentiality: ensuring information can only be accessed by those who are authorised to do so.
ā€¢ Integrity: ensuring the information is accurate and can be trusted.
ā€¢ Availability: ensuring the information is available when it is needed.
Hence, Information Security Awareness focuses on the userā€™s responsibility, to ensure that good working practices are adopted under these broad principles, thereby reducing the likelihood to the organisation (and to some extent the individual) of legal, financial and reputational risk. Figure 1 shows how Information Security Awareness becomes an integral part of a holistic IT Induction programme.
3 Information and Communications Technology is implied (ICT).
Figure 1: The relationship between the elements of an IT Induction programme and information security
From Figure 1 it can be deduced that either removing or limiting any of the elements of the IT Induction programme will have the overall effect of reducing the Information Security Awareness impact, which would not only be a missed opportunity, but may also prove to be a costly one.

How does an ICT Code of Conduct fit with IT Induction?

An employee ICT Code of Conduct or Acceptable Use Policy (AUP) is a document that sets out certain rules and guidelines that an employee is expected to follow whilst using the organisationā€™s information systems, and will indicate what would constitute an infringement of these guidelines and the penalties of doing so. Depending on the organisation, the employee may be required to sign the Code of Conduct as part of their employee contract or before being given access to the organisationā€™s information systems. Consequently, the ICT Code of Conduct sits within the IT Policies and Guidelines element of IT Induction, as shown in Figure 1, and is therefore an integral part of the programme. It would thus make logical sense for a new employee to undertake the IT Induction programme prior to signing the Code of Conduct, as this will give the document more significance.
In summary, this chapter has distinguished between IT Introduction and IT Induction. It has indicated three key content areas for the IT Induction programme, and shown how these overlap to bring about integral Information Security Awareness opportunities into the programme.

CHAPTER 2:
THE TARGET AUDIENCE

Generally, organisations provide an induction for all new employees, and this may be a generic programme or tailored to meet job profiles. As this pocket guide is focusing on IT Induction, does this change the target audience, and should IT Induction be specific to job profiles?
Certainly there is a valid argument that tailoring an induction programme to specific roles is likely to be more effective than a generic stance, although more time-consuming and potentially more expensive to develop and deliver. For instance, there may be a number of specialist IT roles in your organisation, including staff in the IT department, who would benefit from a customised IT Induction; however, it may also be your view that this approach may be too detailed and excessive for your organisational requirements, or could be managed by an alternative route.
Assuming, for practicality purposes, a generic IT Induction programme is planned, it would seem reasonable to assume that the target audience for this programme would be any new employee who requires access to the organisationā€™s information systems, also known as a ā€˜new userā€™. This compares with an employee induction, where it is unlikely that anyone would be excluded from this knowledge-sharing activity.
Having established the target audience for the IT Induction programme let us now explore the types of new users you may encounter in your organisation.
A new user is generally understood to be an employee who has just taken up an appointment in the organisation. The Human Resources (HR) department will know of this individual as a consequence of recruitment and payroll tasks, and the new employee would have been identified as requiring access to the organisationā€™s information systems resulting from their job role. Alternatively, a new user may be an employee who does not currently have access to the organisationā€™s information systems, but now requires access as a result of a change in their job ro...

Table of contents

  1. FOREWORD
  2. PREFACE
  3. ABOUT THE AUTHOR
  4. CONTENTS
  5. CHAPTER 1: PUTTING IT INDUCTION IN PERSPECTIVE
  6. CHAPTER 2: THE TARGET AUDIENCE
  7. CHAPTER 3: WHOSE RESPONSIBILITY IS IT ANYWAY?
  8. CHAPTER 4: INDICATIVE CONTENT
  9. CHAPTER 5: DELIVERY OPTIONS
  10. CHAPTER 6: MAKING IT INDUCTION PART OF A NEW USER PROCESS
  11. CHAPTER 7: IT INDUCTION ā€“ A ONE TIME ONLY EXPERIENCE?
  12. ITG RESOURCES