Enterprise Security Management System, Communications Strategy, Awareness Training Methodology


Published in: Business, Education, Technology


  1. The Path to ISO27k Certification *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Compiled by Mark E.S. Bernard, CRISC, CGEIT, CISM, CISSP, CISA, ISO 27001 Lead Auditor, PM, PA, CNA
  2. The Path to ISO27k Certification: Communications
     Goals:
     • Announcing
     • Motivating
     • Educating
     • Informing
     • Supporting decision making
  3. Communications
  4. The Path to ISO27k Certification: Communications
     Awareness Training Target Audience:
     • Network Engineers
     • Database Administrators
     • System Administrators
     • IT Operations
     General Audience:
     • Corporate, Divisions
     • External existing and potential customers
  5. Communications
     Awareness Training Topics:
     • Risk Assessment
     • Asset Inventory
     • Vulnerability Management
     • Information Handling / Classification
     • Incident Handling / Breach, Disaster, Continuity
     • Defence-in-depth / Security Architecture
  6. Communications Strategy
  7. Communications Strategy
  8. Developing Lesson Plans for PARTICIPATORY LEARNING
  9. AGENDA
     • WHY DO WE NEED TO PLAN?
     • BENEFITS
     • GOALS
     • DESIGN REQUIREMENTS
     • GIVING & RECEIVING FEEDBACK
  10. LESSON PLANNING DEFINED
      A lesson plan is a description of the sequence of activities engaged in by the instructor and learners in order to achieve a predetermined instructional objective. It includes a description of the instructional session, the aids, devices, and other resources required.
  11. LESSON PLANNING ELEMENTS
      • Basic details: title of the lesson, instructor, date, time, location, special arrangements, length of session, etc.
      • Method of Bridge-in (Motivation): explain why learning this will be useful
      • Objectives: performance, what the learner will be able to do at the end of the lesson
      • Pre-test Procedure: test items, questions to check knowledge or understanding, behaviors to observe, assignment(s), task(s), etc.
  12. TEAM INSTRUCTION ROLES
      • Facilitator: The person who introduces the instructor and the learning objective, administers the feedback forms and initiates closure of the learning session.
      • Instructor: The expert who provides the lesson and the instructions for learners, including the participatory learning session, and moderates the verbal feedback session(s).
  13. WHO CAN BENEFIT
      • People from any content area who are committed to delivering high-quality instruction
      • People who would like to vary their teaching styles
      • New instructors who would like to learn from others with more experience
      • Experienced instructors who would like to share their experiences with others
  14. GOALS
      • Write a useful, practical lesson plan
      • Use instructional objectives to inform learners about what they are expected to learn
      • Conduct a highly participatory classroom session
      • Use common instruction aids competently
      • Use good questioning techniques during classroom sessions
      • Use simple techniques during lessons to test teaching
      • Evaluate what has been learned in relation to your performance objectives
      • Give objective behavioral feedback
      • Feel more competent and confident as an instructor
  15. DESIGNING MINI-LESSON PLANS
      • Bridge-in: explains the value of the lesson to the learner and provides motivation
      • Objective: what must the learner do? Under what conditions? How well?
      • Pre-test: identifies any prior knowledge and whether or not the learner can already accomplish the objective
      • Participatory learning: the learner is as actively involved in the learning process as possible
      • Post-test: determines if the learner has indeed learned
  16. THE 40 MINUTE MINI-LESSON CYCLE
      • Preparation - 10 minutes: facilitator consults with instructor to select forms and discuss points to be observed
      • Lesson - 20 minutes: instructor teaches mini-lesson to other participants
      • Written Feedback - 7 minutes: facilitator hands out selected feedback forms and provides directions
      • Verbal Feedback from Learners - 13 minutes: facilitator conducts oral feedback session, ensuring that the instructor receives and understands the comments of the participants
  17. BRIDGING-IN
      • Example:
        • Lesson: Corporate Security
        • Topic: Firewalls
        • Bridge-in: Knowing how to configure a firewall correctly could be the difference between having a hacker access your organization's assets and simply receiving a message from your pager
      • While it is the learner's responsibility to learn, bridging-in provides a meaningful link between the objective of the lesson and its value to the learners
  18. INSTRUCTIONAL OBJECTIVE
      • Is a statement indicating what the learners will be able to do at the conclusion of instruction
      • Clearly defined objectives:
        • Constitute a basis for the selection of instruction material, content or techniques
        • Create a basis for determining when the instructional purpose has been achieved
        • Provide a learner with the means to organize efforts towards accomplishment of learning tasks
  19. INSTRUCTIONAL OBJECTIVE
      • Types of learning objectives:
        • Cognitive: intellectual outcomes
        • Psychomotor: new physical skills
        • Affective: attitudes, values, beliefs
      • Elements of well-defined objectives:
        • Performance: what will the learner have accomplished?
        • Conditions: the conditions under which the learner will demonstrate mastery of the objective
        • Criteria: the quality or level of performance considered acceptable
  20. PRE-TEST
      • The pre-test determines what the learners already know. This ensures that teaching begins at the right point in the subject material.
      • The pre-test can be an informal question and answer session or a more formal test given to each individual student.
      • Instructor benefits: provide direction for the instructor, address learners' overconfidence, clarify the course objectives, focus students' attention
      • Learner benefits: allow learners to provide feedback, motivate learners, determine what learners do or don't know
  21. PARTICIPATORY LEARNING
      • Whenever possible instructors should endeavor to have students actively involved in achieving the desired outcomes
      • Psychomotor skills are best mastered through repeated practice combined with feedback
      • Concepts and theories frequently evolve as a result of discussion, debate, dialogue and other forms of testing ideas
      • Changes in attitude result from the integration and synthesis of new information by the learners
  22. POST-TEST
      • The type of testing we choose will depend on the instructional objective. The following are three types of learning along with relevant types of test questions:
        • Knowledge (knowing): multiple choice, true/false, matching, completing, short answer, identifying
        • Skill (doing): checklists, rating scales
        • Attitude (feeling): attitude scales, performance, essays
  23. MINI-LESSON PLANNER
  24. GIVING & RECEIVING FEEDBACK
      • You can best benefit from your mini-lesson if you receive clear feedback. This necessitates an open and caring environment where fellow participants feel comfortable to offer honest feedback, motivated by your willingness to receive it.
      • Feedback helps learners to consider changing their habits
      • Feedback assists learners by keeping their behavior on target with goals and objectives
      • Feedback helps the instructor to measure how well the learners are coping with the chosen method of instruction
  25. GIVING USEFUL FEEDBACK
      • Constructive feedback is descriptive rather than evaluative
      • Specific rather than general
      • Considers the needs of the receiver and giver
      • Is directed toward the behavior that the receiver can change
      • Is solicited rather than imposed
      • Is well-timed
      • Is checked to ensure it was clearly communicated
  26. RECEIVING FEEDBACK
      • Ask for specific information
      • Paraphrase what you hear
      • Make eye contact with the giver
      • Accept all feedback initially
      • Ask for specifics if unclear
      • Give honest, experiential responses
      • Focus on the positive
      • Determine importance
      • Separate feeling from content
  27. MINI-LESSON PLAN EVALUATION
  28. Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA
      Skype: Mark_E_S_Bernard
      Twitter: @MESB_TechSecure
      LinkedIn: http://ca.linkedin.com/in/markesbernard
