Information Security

Increase Awareness? An explanation of awareness in ISO 27001 information security.

How do you create awareness and how can awareness be used to prevent a potential internal data breach? Creating awareness around information security is essential for achieving and maintaining certifications such as ISO/IEC 27001. During audits, the level of awareness within an organization is tested, and this is critical to the management system.
This article was last updated on 9/2/2024.

Awareness within a management system?

An important part of achieving and/or maintaining certification for your organization is awareness. During audits against the ISO/IEC 27001 information security standard, various subjects are tested to determine whether the organization has sufficient awareness. The management system is used to bring the importance of information security to everyone's attention. The organization strives to raise the awareness level of staff, contractors and other stakeholders.

Importance of information security

How do you deploy the right resources and tools to raise awareness within the organization, on the topic of information security?

By setting up the management system according to the PDCA (Plan-Do-Check-Act) model, awareness can be continuously improved. The PDCA model is used to monitor continuously whether the planned components are being achieved and where improvements can be made. Within the management system, opportunities and risks are analyzed, and on the basis of that analysis a selection can be made of the subjects in which awareness needs to be increased.

Focus on behavior and human error

By actively paying attention to behavior, you increase user awareness. In fact, the "Annual Data Breach Report 2017" by the Personal Data Authority shows that almost 80% of all internal data breaches originate from human error. The most common forms of data leaks are emails sent to the wrong recipient and lost data carriers (such as USB sticks).

How do you increase awareness?

To raise awareness, several methods are effective:

  • Information Security Onboarding Program: Integrate information security into the onboarding process for new employees.
  • Periodic Awareness Sessions: Hold regular sessions covering relevant topics and raising awareness.
  • Phishing Simulations: Run regular phishing simulations to make employees aware of potential threats.
  • Visual Aids: Distribute flyers, posters, or newsletters to provide visual reminders of information security.
  • E-learning Modules: Offer courses and e-learning modules to go deeper into information security.

These are just a few examples of ways to raise awareness within your organization. In practice, each organization requires a different approach.

Awareness training customized for your organization

By properly implementing an awareness plan, you reduce the likelihood of incidents. As a result, staff become more aware and you prevent damage to your reputation. At Fendix, we offer several Awareness packages tailored to your organization.

Jelle van Onna
Information Security Consultant