IT Induction and Information Security Awareness

IT Induction and Information Security Awareness: A Pocket Guide

VALERIE MADDOCK
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 51
https://www.jstor.org/stable/j.ctt5hh6cj
  • Cite this Item
  • Book Info
    IT Induction and Information Security Awareness
    Book Description:

    This book offers you practical advice on how to develop an IT Induction programme for your staff that can help safeguard your business information. By providing your employees with simple instruction in good IT working practices, and by making sure they know what is expected of them, you can strengthen your company’s information security and reduce the risk that your data will be stolen or lost.

    eISBN: 978-1-84928-034-1
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. FOREWORD
    (pp. 5-7)
    David Lacey

    It’s widely accepted that attention to the needs of people, process and technology is the foundation of effective information governance. Good process design and smart technology will not by themselves deliver the goods. People are the real key to successful exploitation of information and technology. People create, use and interpret data. They manage information systems and administer access rights, and they control an array of increasingly powerful desktop devices. People also make mistakes and create incidents. But at the same time, they can also identify risks, prevent incidents and respond to crises.

    In everyday use of IT, it’s often the...

  3. PREFACE
    (pp. 8-9)
  4. ABOUT THE AUTHOR
    (pp. 10-10)
  5. Table of Contents
    (pp. 11-11)
  6. CHAPTER 1: PUTTING IT INDUCTION IN PERSPECTIVE
    (pp. 12-15)

    Do you find the terms IT Induction and IT Introduction being used interchangeably? If yes, then it is also likely that you will have new employees in your organisation who, being IT competent, are wondering why they need to attend an IT Introduction programme, and are most likely raising objections at such a proposition. Understandably so. If you are not experiencing a conflict of these terms then you are in an enviable position.

    Introductionis about a first experience of a subject or activity, so you would expect anIT Introductionprogramme to focus on instruction on how to use...

  7. CHAPTER 2: THE TARGET AUDIENCE
    (pp. 16-19)

    Generally, organisations provide an induction for all new employees, and this may be a generic programme or tailored to meet job profiles. As this pocket guide is focusing on IT Induction, does this change the target audience, and should IT Induction be specific to job profiles?

    Certainly there is a valid argument that tailoring an induction programme to specific roles is likely to be more effective than a generic stance, although more time-consuming and potentially more expensive to develop and deliver. For instance, there may be a number of specialist IT roles in your organisation, including staff in the IT...

  8. CHAPTER 3: WHOSE RESPONSIBILITY IS IT ANYWAY?
    (pp. 20-25)

    Who is responsible for employee education in your organisation? The responsibility often lies within the HR department or a separate Learning and Development unit. However, it is not unknown to have subject matter experts scattered across the organisation that have individual educational responsibilities. And, increasingly, learning and development is outsourced to third party organisations.

    Quite frankly, it doesn’t really matter who has the responsibility, as long as employee education happens. This does not imply that the relevance and quality of the educational programmes are not important, but to simply underline the fact that someone, somewhere, has to have a recognised...

  9. CHAPTER 4: INDICATIVE CONTENT
    (pp. 26-35)

    Having established the case and audience for IT Induction, this chapter will look into the programme in more detail, suggesting content that you may adopt or adapt to your own organisational needs. At this point, it often helps to be reminded of the aim of the programme. For example:

    To inform system users of: the IT facilities and services that are available to them; current IT policies and guidelines; and to endorse individual responsibilities and working practices whilst using the organisation’s information systems.

    How can we now turn this into practical content? It is probably easier to imagine yourself as...

  10. CHAPTER 5: DELIVERY OPTIONS
    (pp. 36-41)

    Having decided on the content for your IT Induction, you will then need to decide on the best way to communicate this information to your new users. The method of delivery you choose will depend on your organisation, the facilities and resources you have available and certain characteristics of your new users. Some of the factors to consider in choosing the delivery method(s) may include:

    Number of staff involved.

    Geographical location of users.

    Staff availability; for instance do staff work shift patterns?

    Availability of relevant teaching/subject matter expertise.

    Time restrictions on the learning.

    Flexibility expectations.

    How often the information will...

  11. CHAPTER 6: MAKING IT INDUCTION PART OF A NEW USER PROCESS
    (pp. 42-45)

    At this stage in the IT Induction journey you are now ready to share IT Induction with your users, and regardless of how you have decided to deliver this knowledge, which was discussed inChapter 5, how can you ensure that all your target audience participate in the programme?

    It will certainly help if you have gained approval from senior management to make IT Induction a mandatory activity for a new starter. However, if this proves too difficult to achieve in the short term, then having an optional IT Induction programme is far better than not having one at all....

  12. CHAPTER 7: IT INDUCTION – A ONE TIME ONLY EXPERIENCE?
    (pp. 46-48)

    Throughout this pocket guide there has been the suggestion that IT Induction is a one time only experience for new users. However, if the content of your IT Induction goes beyond informing users of file storage locations, and has a good information security element, it is worth considering ways in which users could revisit IT Induction, in so doing reinforcing user responsibilities and good working practice. Here are four scenarios where revisiting the IT Induction may be appropriate in your organisation:

    Revisiting the IT Induction could be timed around staff annual appraisals, and you may even consider making this an...

  13. ITG RESOURCES
    (pp. 49-51)