S 2.197 Drawing up a training concept for IT security

Initiation responsibility: IT Security Officer

Implementation responsibility: IT Security Officer, Supervisor

Information security affects all employees without exception. Every individual, through responsible and quality-conscious actions, must help to avoid damage and thus contribute to the success of the organisation. Integrating the employees into the security process includes the following tasks:

Motivation and working conditions

The top management of the government agency or company must create a positive working climate and encourage employees to promote information security. This includes the following aspects, among others:

Training and raising awareness

Another task that needs to accompany the entire security process is the organisation and execution of training and awareness-raising measures. The company or government agency should develop a training and awareness-raising concept for this purpose. A more detailed treatment of this topic can be found in module S 1.13 Information security awareness and training.

Employee involvement

Employees must understand the reasons for the security measures. In addition, they should be involved in the early planning stages of the security safeguards and in the development of organisational rules relating to security.

Security safeguards for personnel

There are a number of personnel security aspects that need to be taken into account by all of the personnel working in a company or government agency. Security safeguards apply not only to the organisation's own employees, but also to the external employees of service providers or co-operation partners. A number of safeguards are necessary, starting from the time the employees are hired and receive their initial training and continuing until they leave the organisation. The necessary security safeguards are described in module S 1.2 Personnel.

Review questions: