Recommended
Recommended
More Related Content
Similar to IS/DPP for staff #1 - intro
Similar to IS/DPP for staff #1 - intro (19)
More from Tommy Vandepitte
More from Tommy Vandepitte (20)
Recently uploaded
Recently uploaded (20)
IS/DPP for staff #1 - intro
- 1. - Internal - IS/DPP Baseline Training E-learning - Intro
- 2. 2 - Internal - Page IS/DPP INFORMATION SECURITY DATA PROTECTION PRIVACY
- 3. 3 - Internal - Page IS/DPP INFORMATION SECURITY DATA PROTECTION PRIVACY
- 4. 4 - Internal - Page IS/DPP INFORMATION SECURITY DATA PROTECTION PRIVACY
- 5. 5 - Internal - Page Why Do We Need Training?
- 6. 6 - Internal - Page Training Objectives Create awareness about IS/DPP
- 7. 7 - Internal - Page Training Objectives Create awareness about IS/DPP Give a high-level overview of the ACG policy framework on IS/DPP Refresh the basics and principles on IS/DPP
- 8. 8 - Internal - Page Training Objectives Create awareness about IS/DPP Give a high-level overview of the ACG policy framework on IS/DPP Refresh the basics and principles on IS/DPP Answer the question: “What is my role, as a staff member, in IS/DPP?” Give some guidance on good and bad practice.
- 9. 9 - Internal - Page Training Objectives Create awareness about IS/DPP Give a high-level overview of the ACG policy framework on IS/DPP Refresh the basics and principles on IS/DPP Answer the question: “What is my role, as a staff member, in IS/DPP?” Give some guidance on good and bad practice. Provide signposting to where you can find more information and guidance
- 10. 11 - Internal - Page What will You Learn? What is information classification? Why is it needed? What are the different classification levels of data handled at ABC?
- 11. 12 - Internal - Page What will You Learn? What is information classification? Why is it needed? What are the different classification levels of data handled at ABC? What are the general principles of IS/DPP?
- 12. 13 - Internal - Page What will You Learn? What is information classification? Why is it needed? What are the different classification levels of data handled at ABC? What are the general principles of IS/DPP? What are “layers of defense”?
- 13. 14 - Internal - Page What will You Learn? What is information classification? Why is it needed? What are the different classification levels of data handled at ABC? What are the general principles of IS/DPP? What are “layers of defense”? How do I, as a staff member, contribute to those layers of defense?
- 14. 16 - Internal - Page For ACG
- 15. 17 - Internal - Page Centrally
- 16. 18 - Internal - Page You
- 17. 19 - Internal - Page For You
- 18. 20 - Internal - Page For You
- 19. 21 - Internal - Page IS/DPP is not… (just) hacking
- 20. 22 - Internal - Page IS/DPP is also… social engineering.
- 21. 23 - Internal - Page IS/DPP is also… incidents.
- 22. 24 - Internal - Page IS/DPP is also… thinking like an attacker
- 23. 25 - Internal - Page IS/DPP is not… new Code of Conduct: I. I act fairly, honestly and transparently II. I respect others III. I comply with the law and professional standards IV. I comply with instructions V. I manage conflicts of interest VI. I comply with data protection and information security VII. I work in the customer’s best interest VIII. I protect ABC’s interests IX. I act professionally X. I report any irregularity observed Insert ABC’s code of conduct principles, e.g.
- 24. 26 - Internal - Page ABC IS/DPP Policy Framework
- 25. 27 - Internal - Page ABC IS/DPP Policy Framework About continuously Changes • In the regulatory environment • In processes • In people (JLT) • In technology
- 26. 28 - Internal - Page ABC IS/DPP Policy Framework About continuously Environment Physical Human Device Application Repository Carrier Changes • In the regulatory environment • In processes • In people (JLT) • In technology Network Data 3rd Parties
- 27. 29 - Internal - Page Blocks in the Course Environment Physical Human Device Application Repository Carrier Changes • In the regulatory environment • In processes • In people (JLT) • In technology Network Data 3rd Parties 1. Introduction 2. Why? 3. Data (Classification) 4. Layers 5. Access 6. Acceptable Use 7. Incidents 8. Monitoring
- 28. 30 - Internal - Page More Information on IS/DPP at ABC Intranet: (insert hyperlink)
- 29. 31 - Internal - Page Relevant Points of Contact IT Helpdesk Incidents Information Security Officer ISO Support relating to information security (= overall + more technical side) Data Protection Officer DPO Support relating to personal data protection Information Asset Owner IAO Centralization of information / documentation on an Information Asset Human Resources HR Support on Join, Leave, Transfer Procurement Unit Support on Relationships with Third Parties Legal Unit Support on agreements Marketing Unit Support on use of (personal) data for marketing Who is Who in IS/DPP?
- 30. 32 - Internal - Page What do we Expect of You? General Mandatory “Please” “Pretty Please” Baseline Test X Baseline Videos X Higher Belt Test X Extra Videos X Policies X Guidelines X Monitoring X Useful links X Target Group Mandatory “Please” “Pretty Please” Classroom Training X Test X
- 31. 33 - Internal - Page But Most of All… IS/DPP
Editor's Notes
- Welcome to the IS/DPP baseline training. It is called a baseline training because it is a training for all staff, both internal and external, on the basics of IS/DPP. Some staff members may be requested to follow a level up training because they need some in depth knowledge on the topic in the context of their function or role.
- Information security is the broad domain of setting up technical and organisational measures to keep information confined to a number of authorized persons (confidentiality), to keep information unchanged so we can rely on the fact that the document we store or send to somebody is not tampered with (integrity), and to have the information available if and when needed (availability).
- Data Protection - in our context - relates to the protection of personal data as required by the law. In Belgium that is the 1992 Personal Data Protection Act. That act was later slightly amended to meet the requirements of a 1995 European Directive on the topic. As from 25 May 2018 that legislation will largely be replaced by the European General Data Protection Regulation (generally shortened to GDPR). We also keep in mind that next to that general data protection legislation, there are a number of specific statutes and regulations. For example the Payment Card Industry Data Security Standard (also known as PCI DSS), which applies to banks and payment institutions.
- Privacy is the human right legally protected in a number of international treaties and in constitutions. It is a concept that is not well-defined and to most people relates to their personsal perception of the things that are only shared with family and friend and to intimacy. And that is the main difference with data protection, which to a great extent abstracts from that personal perception.
- Why do we need training?
- This training has a few objectives. First off we consider it a way to create awareness on the topic.
- Second, we want to draw attention to the ABC Group policy framework by giving a high-level overview and by refreshing the basic principles.
- Third, we want to make the topic “alive” in your day to day job at ABC. We give some guidance on what is a good practice and what is not.
- And last, we want to promote the channels where we have posted more information and guidance on the topic.
- After this training we hope you will be able to explain what information classifcation is and why any organisation needs it. what th principles of IS/DPP are. what the layers of defense are. what your role is in all this.
- After this training we hope you will be able to explain what information classifcation is and why any organisation needs it.
- what the principles of IS/DPP are.
- what the layers of defense are.
- what your role is in all this.
- At ABC the TRUST of our customers is at the core of our business. Protecting the (personal) data of our customers is not only a legal obligation, but more importantly is a big part of gaining their trust. Some aspects of what we call “information security, data protection and privacy” (IS/DPP) are managed centrally, “behind the curtains”. Nevertheless a key role in making IS/DPP work is YOU, the individual staff member.
- At ABC the TRUST of our customers is at the core of our business. Protecting the (personal) data of our customers is not only a legal obligation, but more importantly is a big part of gaining their trust.
- Some aspects of what we call “information security, data protection and privacy” (IS/DPP) are managed centrally, “behind the curtains”.
- Nevertheless a key role in making IS/DPP work is YOU, the individual staff member.
- Using (personal) data just for the execution of your job and applying common sense in protecting that data, goes a long way. But it helps to be reminded of some principles of IS/DPP and lift the veil of what is happening centrally to make all of us and ABC Group as a whole even better at it.
- The topic is not only interesting to you as a staff member. You are also a data subject yourself who’s data is being processed by a number of companies on a daily basis.
- IS/DPP is more than just hacking. It is not only related to protection from highly skilled IT guys. There is a lot more to it than that.
- Information can be stolen, changed or deleted by a person who succeeds in talking his way through the security measures on the phone or even in our offices.
- We can also have a problem when you make a mistake or when we set up the access rights incorrectly.
- In any case, thinking of IS/DPP from an attackers point of view makes us more aware of (potential) vulnerabilities.
- IS/DPP is also not new. It is already in the code of conduct. As you will understand by the end of this training, rule number 6 is the explicit reference to information security and data protection, but most of the other rules have some relation to IS/DPP as well.
- IS/DPP for the ABC Group has been further worked out in a comprehensive framework. Due to the continuous changes in our operations, the legislation, potential attacks, etc. …
- this framework is continuously under construction. All policies of the framework will be communicated in full. However for the purpose of this training
- we have chosen to represent it visually as a layered structure.
- How does the course look? Well, we have chopped up this e-learning in different blocks. That way, we hope, you can more easily at look at them without taking you away from your job for too long. Also, should you want to revisit one of the topics, you should be able to do so quite easily. Additionally, it allows us to update one block, without having to re-work the entire video.
- In this training we will only touch upon the principles of IS/DPP. For more information we refer to the folder "company policies" on the intranet.
- You are an important part of ABC Group's defence. But you are not alone. There are a number of centers of competence you can go to. Here is a list with their functions. If you want to put a face to it, ask your line management or check the sharepoint webportal section “who is who in IS/DPP?”
- What do we expect of you? There is basically only one thing we actually require from you: pass the baseline test (yellow belt). However, we hope we can convince you to go beyond that and that you watch the other materials we have made available for you. If you are a member of a target group (IT, HR, procurement, project management, …) you will additionally be requested to follow a classroom training and/or a specific test.
- The test is one thing. Our call to action for you is simple: help us protect ABC Group’s data. And for that… thank you.