Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Staff guidance and training procedure in cyber security

Critical
High
Normal
Low

Our organization has defined procedures for maintaining staff's cyber security awareness.These may include e.g. the following things:

  • staff receive instructions describing the general guidelines of digital security related to their job role
  • staff receive training to maintain the appropriate digital and cyber security skills and knowledge required for the job role
  • staff demonstrate through tests that they have the security skills and knowledge required for the job role

Training should focus on the most relevant security aspects for each job role and include often enough the basics, which concern all employees:

  • employee's personal security responsibilities (e.g. for devices and processed data)
  • policies relevant for everyone (e.g. security incident reporting)
  • guidelines relevant for everyone (e.g. clean desk)
  • organization's security roles (who to contact with problems)
Connected other frameworks and requirements:
T11: Turvallisuuskoulutus ja -tietoisuus
2 luku, 4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä
29. Processing under the authority of the controller or processor
GDPR
32. Security of processing
GDPR
7.2.1: Management responsibilities
ISO 27001

Disciplinary process for security breaches

Critical
High
Normal
Low

Our organization has defined the actions to be taken in the event of a breach of confidentiality. These may include e.g. the following steps:

  • investigating what data was breached and how harmful this was
  • investigating the intentionality of the act
  • investigating what was set as conseguence on the confidentiality agreement
  • deciding whether and how to proceed (e.g. legal actions)
  • deciding whether outside assistance is needed
Connected other frameworks and requirements:
7.2.3: Disciplinary process
ISO 27001
PR.IP-11: Cybersecurity in human resources
NIST CSF
5.28: Collection of evidence
ISO 27001
6.4: Disciplinary process
ISO 27001
7.3: Awareness
ISO 27001
No items found.