Security Awareness Program

Last updated on February 29, 2024

Security awareness should be ongoing within the organization; hence a security plan is necessary. A security plan should outline all the methods, trainings, and activities that promote a security culture (e.g. social engineering exercises, security courses, etc.). The plan should typically be for a year, should be reviewed at the end of the year, and signed-off by Executives.

Expert Opinion - Security Awareness Program

Control Objective

Program is documented, followed, reviewed, and updated regularly
Includes annual information security course for employees
Educate users on common threats and impacts to business such as not sharing credentials, not clicking on suspicious links and attachments, reporting security incidents, maintaining clean desk, locking inactive systems, and concealing valuables
Should be tailored for the employee roles
Annual signoff of the plan

Annual security course for government is coming – will be mandatory – doesn’t enforce pass rate today

Resources

Security Awareness Template (XLSX)

CDT Information Security Awareness

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Security Awareness Program

Expert Opinion - Security Awareness Program

Control Objective

Resources