When was the last time you had any training for information security or privacy? If you are responsible for information security, when was the last time you provided training for your personnel? For your contracted workers, vendors and other business partners to whom you entrust information and computer systems access? Is it just general information security information, or do you provide customized, targeted training to different groups based upon their specific job responsibilities?
And when was the last time you saw any type of communication about information security or privacy that raised your awareness of some particular related issue? Chances are you probably last saw a communication in the news that actually raised your awareness...or perhaps on a blog.
And when was the last time you participated in some type of awareness activity? If you are responsible for information security, privacy and/or compliance, when was the last time you routed a communication to raise awareness? Or provided an activity to really allow your personnel to participate in and practice the activities that help them understand information security and privacy better?
I've been working in the information security, privacy and compliance area since 1988, and I know...I KNOW...from experience that your efforts will fail, or be much less successful than they could be, if you do not provide effective and ongoing education to your personnel and business partners to whom you entrust your information and systems access.
I've been writing about the need for organizations to provide information security and privacy training and awareness for a very long time. I put a lot of my experiences and lessons learned in creating an education program into my book "Managing an Information Security and Privacy Awareness and Training Program."
Recently I wrote several articles within the May, June and July issues of my "IT Compliance in Realtime Journal." They include...
July 2008
- Information Security and Privacy Education Support Compliance
- Providing IT With Targeted Information Security and Privacy Education
- Providing Call Centers With Targeted Information Security and Privacy Education
June 2008
- What to Tell Personnel: Messaging Security and Privacy
- What to Tell Personnel: Mobile Computing Security and Privacy
- What to Tell Personnel: Disposal Security and Privacy
May 2008
- Addressing the Insider Threat
- Business Leader Primer for Effective Information Disposal
- Creating Effective Case Studies for Information Security and Privacy Training
Check them out and see if any of my tips, advice and ideas help you with your information security and privacy education efforts. Let me know what you think!
You cannot have effective information security, you cannot effectively preserve privacy, and you will not be in compliance with virtually all data protection and privacy laws and regulations throughout the world if the personnel who handle personally identifiable information (PII) and/or access your information resources and systems and networks within your organization do not receive effective periodic training and ongoing awareness communications.
Humans are the weakest link in information security and privacy success. You cannot expect people to know how to protect information if you do not tell them how!
The bottom line is...
Information security and privacy efforts will fail if you do not provide effective training and ongoing awareness communications and activities.
- Rebecca Herold's blog
