IS/DPP for staff #1 - intro

An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This is an introduction explaining:
- the difference between information security, data protection and privacy,
- the need for and usefulness of staff engagement.
The slides come with notes that briefly explain the visuals on the slides.

Published in: Education
  1. Internal - IS/DPP Baseline Training E-learning - Intro
  2-4. IS/DPP: INFORMATION SECURITY, DATA PROTECTION, PRIVACY
  5. Why Do We Need Training?
  6-9. Training Objectives
     • Create awareness about IS/DPP
     • Give a high-level overview of the ACG policy framework on IS/DPP
     • Refresh the basics and principles on IS/DPP
     • Answer the question: “What is my role, as a staff member, in IS/DPP?”
     • Give some guidance on good and bad practice.
     • Provide signposting to where you can find more information and guidance
  10-13. What will You Learn?
     • What is information classification? Why is it needed? What are the different classification levels of data handled at ABC?
     • What are the general principles of IS/DPP?
     • What are “layers of defense”?
     • How do I, as a staff member, contribute to those layers of defense?
  14. For ACG
  15. Centrally
  16. You
  17-18. For You
  19. IS/DPP is not… (just) hacking
  20. IS/DPP is also… social engineering.
  21. IS/DPP is also… incidents.
  22. IS/DPP is also… thinking like an attacker
  23. IS/DPP is not… new
     Insert ABC’s code of conduct principles, e.g. Code of Conduct:
     I. I act fairly, honestly and transparently
     II. I respect others
     III. I comply with the law and professional standards
     IV. I comply with instructions
     V. I manage conflicts of interest
     VI. I comply with data protection and information security
     VII. I work in the customer’s best interest
     VIII. I protect ABC’s interests
     IX. I act professionally
     X. I report any irregularity observed
  24-26. ABC IS/DPP Policy Framework
     • About continuously
     • Changes: In the regulatory environment; In processes; In people (JLT); In technology
     • Diagram labels: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties
  27. Blocks in the Course
     • Changes: In the regulatory environment; In processes; In people (JLT); In technology
     • Diagram labels: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties
     • Course blocks: 1. Introduction; 2. Why?; 3. Data (Classification); 4. Layers; 5. Access; 6. Acceptable Use; 7. Incidents; 8. Monitoring
  28. More Information on IS/DPP at ABC
     • Intranet: (insert hyperlink)
  29. Relevant Points of Contact: Who is Who in IS/DPP?
     • IT Helpdesk: Incidents
     • Information Security Officer (ISO): Support relating to information security (= overall + more technical side)
     • Data Protection Officer (DPO): Support relating to personal data protection
     • Information Asset Owner (IAO): Centralization of information / documentation on an Information Asset
     • Human Resources (HR): Support on Join, Leave, Transfer
     • Procurement Unit: Support on Relationships with Third Parties
     • Legal Unit: Support on agreements
     • Marketing Unit: Support on use of (personal) data for marketing
  30. What do we Expect of You?
     • General (columns: Mandatory, “Please”, “Pretty Please”): Baseline Test X; Baseline Videos X; Higher Belt Test X; Extra Videos X; Policies X; Guidelines X; Monitoring X; Useful links X
     • Target Group (columns: Mandatory, “Please”, “Pretty Please”): Classroom Training X; Test X
  31. But Most of All… IS/DPP