IS/DPP for staff #1 - intro

Post on 14-Apr-2017

Transcript of IS/DPP for staff #1 - intro

- Internal -

IS/DPP Baseline Training

E-learning - Intro

2- Internal - Page

IS/DPP

INFORMATION SECURITY

DATA PROTECTION

PRIVACY

5- Internal - Page

Why Do We Need Training?

9- Internal - Page

Training Objectives

Create awareness about IS/DPP

Give a high-level overview of the ACG policy framework on IS/DPP

Refresh the basics and principles on IS/DPP

Answer the question: “What is my role, as a staff member, in IS/DPP?”

Give some guidance on good and bad practice.

Provide signposting to where you can find more information and guidance

14- Internal - Page

What will You Learn?

What is information classification? Why is it needed? What are the different classification levels of data handled at ABC?

What are the general principles of IS/DPP?

What are “layers of defense”? How do I, as a staff member, contribute to those layers of defense?

16- Internal - Page

For ACG

17- Internal - Page

Centrally

18- Internal - Page

You

20- Internal - Page

For You

As a data subject:

staff member, cardholder,…

As a part of ACG handling ACG data

21- Internal - Page

IS/DPP is not… (just) hacking

22- Internal - Page

IS/DPP is also… social engineering.

23- Internal - Page

IS/DPP is also… incidents.

24- Internal - Page

IS/DPP is also… thinking like an attacker

25- Internal - Page

IS/DPP is not… new

Code of Conduct:

I. I act fairly, honestly and transparently
II. I respect others
III. I comply with the law and professional standards
IV. I comply with instructions
V. I manage conflicts of interest
VI. I comply with data protection and information security
VII. I work in the customer’s best interest
VIII. I protect ABC’s interests
IX. I act professionally
X. I report any irregularity observed

Insert ABC’s code of conduct principles, e.g.

26- Internal - Page

ABC IS/DPP Policy Framework

27- Internal - Page

ABC IS/DPP Policy Framework

About continuously

Changes
• In the regulatory environment
• In processes
• In people (JLT)
• In technology

28- Internal - Page

ABC IS/DPP Policy Framework

[Diagram labels: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties]

29- Internal - Page

Blocks in the Course

1. Introduction

2. Why?

3. Data (Classification)

4. Layers

5. Access

6. Acceptable Use

7. Incidents

8. Monitoring

30- Internal - Page

More Information on IS/DPP at ABC

Intranet: (insert hyperlink)

31- Internal - Page

Relevant Points of Contact

IT Helpdesk: Incidents

Information Security Officer (ISO): Support relating to information security (= overall + more technical side)

Data Protection Officer (DPO): Support relating to personal data protection

Information Asset Owner (IAO): Centralization of information / documentation on an Information Asset

Human Resources (HR): Support on Join, Leave, Transfer

Procurement Unit: Support on Relationships with Third Parties

Legal Unit: Support on agreements

Marketing Unit: Support on use of (personal) data for marketing

Who is Who in IS/DPP?

32- Internal - Page

What do we Expect of You?

General | Mandatory | “Please” | “Pretty Please”

Baseline Test X

Baseline Videos X

Higher Belt Test X

Extra Videos X

Policies X

Guidelines X

Monitoring X

Useful links X

Target Group | Mandatory | “Please” | “Pretty Please”

Classroom Training X

Test X

33- Internal - Page

Be a Hero. Help us Protect.

But Most of All…

IS/DPP