Procedural and People Security Controls

This Lesson looks at ways in which the threats and vulnerabilities associated with the people who use IT systems can be mitigated. It highlights the important people security implications and how a security culture can be developed, then it investigates how user access controls can be effectively integrated with IT systems. Finally, it looks at the role of security training and awareness.

Learning objectives

The objectives of this Lesson are to provide you with and understanding of:

• The people threats facing organisations and the importance of a security culture
• Practical people controls, including employment contracts, service contracts, codes of conduct and acceptable use policies
• Access controls, including authentication and authorisation, passwords, tokens and biometrics
• The importance of data ownership, privacy; access points, identification and authentication mechanisms, and information classification
• How organisations can raise security awareness and the different approaches to deliver security-related training

Intended audience

This Lesson is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.

Prerequisites

There are no specific pre-requisites to study this Lesson, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.

Feedback

We welcome all feedback and suggestions - please contact us at support@cloudacademy.com if you are unsure about where to start or if would like help getting started.