| Security awareness is knowledge and attitude | | | | of two-factor authentication |
| members of an organization possess regarding | | | | Other computer security concerns, including malware, |
| protection of the physical and information assets of | | | | phishing, social engineering, etc. |
| that organization. Many organizations require formal | | | | Workplace security, including building access, wearing |
| security awareness training for all employees when | | | | of security badges, reporting of incidents, forbidden |
| they take up sensitive assignments and, in some | | | | articles, etc. |
| cases, periodically thereafter. | | | | Consequences of failure to properly protect |
| Topics covered in security awareness training include: | | | | information, including potential loss of employment, |
| The nature of sensitive material and physical assets | | | | economic consequences to the firm, damage to |
| they may come in contact with, such as trade secrets, | | | | individuals whose private records are divulged, and |
| privacy concerns and government classified | | | | possible civil and criminal penalties |
| information | | | | Being Security Aware means you understand that |
| Employee and contractor responsibilities in handling | | | | there is the potential for some people to deliberately or |
| sensitive information, including review of employee | | | | accidentally steal, damage, or misuse the data that is |
| nondisclosure agreements | | | | stored within our computer systems and through out |
| Requirements for proper handling of sensitive material | | | | our organization. Therefore, it would be prudent to |
| in physical form, including marking, transmission, storage | | | | support the assets of our institution (information, |
| and destruction | | | | physical, and personal) by trying to stop that from |
| Proper methods for protecting sensitive information on | | | | happening. |
| computer systems, including password policy and use | | | | |