
Information Security Awareness

Training

Introduction in Information Security

Your Responsibility

Around your Working-Place

Modern Threats

Information Security Awareness Date 01.09.2016 2





1.0 Introduction in Information Security

May 2016:

Gettysburg: Russian hackers attack a nonprofit organization.

https://www.youtube.com/watch?v=8kQZsl8onwE

What about CBM?

Are we well protected?


Adobe, September 2013:

New York: Adobe is the target of hackers.

About 38 million data records of Adobe customers were stolen in the course of a hacker attack. Among these records, credit card data of about 3 million registered customers was affected.

The attackers who carried out this attack were neither identified nor arrested.


eBay, May 2014:

The e-commerce company eBay reported that identity information of 145 million customers, including email addresses, postal addresses and dates of birth, was stolen in a hacking attack.

The attack was carried out through compromised employee accounts that allowed unauthorized access to its corporate network, the company said in a statement. It said the breach had first been detected about two weeks earlier.

Those responsible could not be identified.


Apple, September 2015:

Hackers infiltrated the Apple App Store with apps that had been built with XcodeGhost and therefore carried malware.

XcodeGhost was a tampered copy of Apple's official Xcode development tool, distributed through unofficial download sites rather than by Apple. Developers who built their apps with it unknowingly compiled the attackers' code into their apps, some of them well known. The malware sent back information such as the name and version of the app, language, country, the identity of the developer, the time of installation, and the device name and type.

The damage could have been far bigger if the malware had harvested users' private data.


If Information Security is not ensured, the consequences can be extensive.

People contribute substantially to the security of information through their own behavior and security awareness. This is of course also very important to CBM, especially where confidential and/or personal data is used, recorded or processed.

With this training module you will learn

• why Information Security is so important,

• which contents of existing laws and guidelines on Information Security are important to us,

• which tasks and responsibilities you have with regard to Information Security.


Facts and Information

The primary function of Information Security is protection against dangers and threats, the avoidance of economic damage and the minimization of risks. If CBM cannot sufficiently ensure the protection of data, e.g. the personal data of a donor, the following consequences are possible:

• Reputational damage

• Loss or abuse of business-critical data

• Loss of business relations

• Legal disputes

• Blackmail

• Sanctions by supervisory authorities


Facts and Information

To protect data in terms of Information Security, the protection goals confidentiality, availability, integrity and authenticity must be ensured.

• Confidentiality – Data, whether stored or in transit, must be protected against unauthorized access and disclosure.

• Availability – It must be ensured that authenticated and authorized persons can exercise their access rights without being impaired by unauthorized means (e.g. system outages).

• Integrity – Data must be protected against unauthorized and undetected changes, forgeries and manipulation. Changes to data must always be traceable.

• Authenticity – The genuineness, verifiability and trustworthiness of an object or subject must be ensured.


Regulations

Worldwide, country-specific laws and regulations are in place to protect information and to determine how information may be used. Often the use of information is restricted and only permitted for specific purposes, which are sometimes exhaustively described.

Furthermore, the options can be strongly restricted if information has to be transferred to other countries or to third parties.

All sectors of CBM have to adhere to these country-specific laws and regulations.

As an aid organization we are committed to being able to demonstrate, through our governance structures and control environment, that we handle information securely and comply with existing laws.


Significance

Why is Information Security so important for us?

Donor: If serious Information Security Incidents reached the public (TV, newspapers), reputational damage to CBM could follow. Not only donors could lose trust in our organization.

CBM: If confidential details of a contract reached the public, business partners could call CBM as a whole into question, lose their trust in us and probably cancel existing contracts.

Beneficiaries: People in need of help who receive assistance from CBM could lose their trust in CBM if someone misused their private data (manipulated photos or published medical records), especially if children are affected.

Regulations and Laws: Violations of applicable regulations, e.g. the data privacy act, could result in harsh penalties for CBM.




2.0 Your Responsibility

Protection of information

You play an important role in protecting the information that is available to you. Technical security measures and regulations are important factors in protecting data, e.g. that of our donors, but it is ultimately your own behavior and actions that ensure that regulations are followed and implemented in daily practice and that information is protected appropriately.

It is your responsibility to

• read, understand and act in accordance with regulations and procedures,

• share information only according to the "Need-to-Know" principle and act according to applicable laws and regulations,

• follow all guidelines in this training to protect information properly.


The Need-to-Know Principle

All employees have, in principle, access to data or information at a defined security level. The Need-to-Know principle prohibits access if the data or information is not required to complete the person's task.


Protection of Information

Through exemplary conduct you are a good safeguard against Information Security Incidents.

In this chapter we show you some typical scenarios that should increase your awareness in typical Information Security situations:

• Protection

• Modern threats

• Reporting / Alert



Protection

You should know how to ensure the protection of documents, your computer, other equipment and the information you have processed or are using. Always pay attention to alarms or hints from internal security systems (e.g. a window appears with a warning from the internal anti-virus program or Internet security system). In such a case, consider carefully what you do next. To get help, contact the helpdesk.


Modern threats

You should know the currently existing threats that could impair the security of information, and you should be in a position to take measures against such threats.


Reporting / Alert

You must be aware of potential Information Security Incidents, so that you are able to recognize them and raise an alert. The immediate report of an incident to helpdesk@cbm.de is very important so that internal or external security experts can take further measures and so that the incident is documented without gaps. A downloadable reporting template (Information Security Incident Report) is available on SharePoint for all CBM employees.


Protection of Information

Confidential or personal information that you work with will sometimes be printed out, used and saved on mobile devices, or communicated by mobile phone. Such information must be protected against unauthorized access or misuse.

Furthermore, you use a computer in your everyday work. Every computer must be protected, because such devices provide access to confidential or personal information.


Data Classification

Each file/email must be classified before sending.

The following classifications are available:

• Strictly Confidential

• Confidential

• Internal

• External

• Public


Question: Which information or data are you working with?

• Confidential information and data

Confidential information or data must be protected against unauthorized access. This could be: confidential contents of a contract, financial data of the organization, information on Security Incidents, strategic plans, confidential email correspondence, conversations about the future strategy of CBM. Disclosure of such information often leads to serious consequences (e.g. loss of confidence).

• Personal information and data

Personal information and data can be associated with an identifiable person (e.g. the curriculum vitae of an employee; a list of donors and their account information; an employee's pay slip; medical records of beneficiaries; private information about an employee, etc.). Personal information in particular has to be protected, as it is subject to the data privacy act. A violation of this law often has substantial consequences (e.g. fines).

Remember: Confidential and personal data have to be classified as "Confidential".


Question: Which information or data are you working with?

• Data or information that is accessible to the public

Information and data that are already open to the public can safely be classified as "Public", because they concern information and data that have been published anyway, e.g. a press release that has appeared in a newspaper, on the Internet or in an advertisement.

• Internal information

If information is used only within our own organization and is neither confidential nor personal, it is internal information (e.g. the invitation to the Christmas staff party). But if such information is sent to an external party (e.g. a contractor), it must be classified as "External".

Remember:
Information that is meant for the public and is sent by email to individuals should be classified as "Public".
Data that is sent within CBM and is neither confidential nor personal should be classified as "Internal".

Protection of information and data of children – Child Protection Policy of CBM

In an aid organization in particular, data and information about children have to be protected in our day-to-day work. Access to personal information about children is defined by a clear legal framework. How to use such data lawfully is set out in the data privacy act and in the Child Protection Policy of CBM.

Publication of personal or confidential data (including photos) of children is strictly prohibited unless a signed consent form exists.

Before collecting information, data or photos of children under the age of 7, the legal guardian (parents) must have signed a consent form. From the age of 7 to 14, the consent form has to be signed by the child and the legal guardian (parents). From the age of 14 it is lawful for the child to sign the consent form alone. But it must be ensured that every child knows the exact reason why the information is being taken and how it will be published.

Remember:
Always take particular care with information about children. Never process, save or publish data of children without permission, and certainly not if children are shown scantily dressed in photos. Carelessness or ignorance is no protection against a conviction.


DSGVO – General Data Protection Regulation

DSGVO (Datenschutz-Grundverordnung) is the German name of the EU General Data Protection Regulation (GDPR), which applies directly in Germany.

To ensure that CBM can control the flow of sensitive data by email:

• an automated check takes place;

• content is scanned for characteristic patterns, such as EU debit card numbers, EU driver's license numbers and EU passport numbers (about 50 patterns);

• if there is a conflict between the policies and the recipient, a warning appears.


• If you are sure you want to send the email, you can click "override" and enter the business reason for sending it.

• If the limit is exceeded, the message will be blocked after sending.

• You will always be notified, and a report will be sent to the IT security team.
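The email check described above, reduced to a runnable sketch. This is an added example, not CBM's product or any vendor's code; the two detectors standing in for the roughly 50 patterns, the cbm.de "internal" domain, the block threshold and the sample message are all assumptions made for illustration. It shows one thing the slides only imply: a regex hit alone is a poor signal, so each candidate is validated with the checksum the format carries (Luhn for card numbers, ISO 13616 mod 97 for IBANs) before it counts towards a warning or a block.

```python
"""Simplified outbound-mail DLP check (added illustration, not CBM's system).

Assumptions, none of which come from the training material:
  * cbm.de is the only "internal" recipient domain;
  * two detectors (card number, IBAN) stand in for the ~50 real patterns;
  * the "limit" is more than BLOCK_THRESHOLD validated hits per message.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

INTERNAL_DOMAINS = {"cbm.de"}   # assumption
BLOCK_THRESHOLD = 5             # assumption


def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment-card numbers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(candidate: str) -> bool:
    """ISO 13616 check: move the first four chars to the end, map A=10..Z=35,
    and the resulting integer must be congruent to 1 mod 97."""
    s = candidate.replace(" ", "").upper()
    if not (15 <= len(s) <= 34 and s[:2].isalpha() and s[2:4].isdigit()):
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


# detector name -> (pattern, validator); a match only counts if validated
DETECTORS = {
    "credit card number": (
        re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
        lambda m: luhn_ok(re.sub(r"\D", "", m)),
    ),
    "IBAN": (
        re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b"),
        iban_ok,
    ),
}


@dataclass
class Verdict:
    action: str                                   # "allow", "warn" or "block"
    findings: Dict[str, List[str]] = field(default_factory=dict)
    report: Optional[str] = None                  # what the IT security team gets


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def scan(body: str) -> Dict[str, List[str]]:
    """Return validated hits grouped by detector name."""
    hits: Dict[str, List[str]] = {}
    for name, (pattern, validate) in DETECTORS.items():
        for m in pattern.finditer(body):
            if validate(m.group(0)):
                hits.setdefault(name, []).append(m.group(0))
    return hits


def check_outbound(sender: str, recipients: List[str], body: str,
                   override_reason: Optional[str] = None) -> Verdict:
    """Policy from the slides: warn on sensitive data to external recipients,
    allow with a logged business reason, block above the limit, report always."""
    hits = scan(body)
    external = [r for r in recipients if is_external(r)]
    if not hits or not external:
        return Verdict("allow", hits)             # nothing sensitive, or internal only
    count = sum(len(v) for v in hits.values())
    summary = f"{sender} -> {', '.join(external)}: " + ", ".join(
        f"{len(v)} x {k}" for k, v in hits.items())
    if count > BLOCK_THRESHOLD:
        return Verdict("block", hits, report=f"BLOCKED (limit exceeded) {summary}")
    if override_reason:
        return Verdict("allow", hits, report=f"OVERRIDE ({override_reason}) {summary}")
    return Verdict("warn", hits, report=f"WARNING {summary}")


# constructed sample message; the IBAN and card number are the widely
# published test values, not real accounts
SAMPLE_BODY = (
    "Hi, please refund the donor to IBAN DE89 3704 0044 0532 0130 00.\n"
    "Her card 4111 1111 1111 1111 was charged twice.\n"
)

if __name__ == "__main__":
    for rcpts, reason in ((["finance@cbm.de"], None),
                          (["partner@example.org"], None),
                          (["partner@example.org"], "contractually agreed refund")):
        v = check_outbound("alice@cbm.de", rcpts, SAMPLE_BODY, reason)
        print(v.action, v.report)
```

In the sample the 16-digit run inside the IBAN ("3704 0044 0532 0130") also matches the card-number regex but fails the Luhn check, so only the genuine card number is reported; without that validation the scanner would flag two card numbers and the user would learn to ignore the warning.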


3.0 Around your Working-Place

Your Work-Desk

In the course of your work for CBM you must ensure that no confidential or personal information is left visible on your desk. Unauthorized people could easily take such information for deliberate misuse.

Which of the documents below are a breach of Information Security if they lie unattended on an employee's desk?

• CBM flyer

• Curriculum vitae of an applicant

• List of donors and the amounts of their donations

• Report of the last ILT conference


CBM flyer

It is not a problem to leave the CBM flyer unattended on your desk; its contents are public anyway. But you should always follow the "Clean Desk" principle: a desk without paperwork is always well protected against Information Security breaches.


Curriculum vitae of an applicant

Never leave a curriculum vitae visible on your desk. This document is full of personal information that could be used by an unauthorized person for deliberate misuse. Remember, as you have already learned, personal information must be protected against any unauthorized access. The data privacy act applies to everyone.

If an unauthorized person were able to access unprotected personal information at CBM and this led to a serious incident, e.g. fraudulent transactions, manipulation, blackmail or defamation of the affected person, CBM would be held fully liable for the damage.

As this would be a violation of the applicable data privacy act, CBM would probably receive a high monetary penalty, in addition to a global loss of confidence if the incident became public.


List of donors and the amounts of their donations

A list with the names of donors, their contact information and their donations has to be removed from your desk, because the information on this list is confidential and contains personal data.

If this information fell into the wrong hands and the incident were reported in the media, it would certainly be embarrassing for CBM. Besides a drastic fine, it would cause a loss of confidence among donors, beneficiaries and partner organizations, and CBM's reputation would suffer.


Report of the last ILT conference

If the report contains confidential information that should not be disclosed, the document has to be removed from your desk when you leave.

Remember:
Always leave a "Clean Desk" behind. That way you can be sure that no personal or confidential information is visible and usable by unauthorized people. Bear in mind that unauthorized people can also be internal (e.g. a colleague or another CBM employee).


Mobile Equipment

Most likely you use one or more mobile devices (e.g. Surface, notebook, mobile phone). Always follow these principles:

• Always keep your mobile device in a safe place.

• Don't use your mobile device in places where unauthorized people are present.

• Don't use your mobile phone for confidential calls if someone could listen in.

• Never copy confidential CBM information to private storage media (e.g. a private USB stick).

• Immediately report to your line manager and to the helpdesk if an Information Security Incident has happened (e.g. loss of a mobile phone or notebook, or theft of confidential data).


The use of phones, fax machines, emails and printouts can lead to information leakage. In some countries an organization is legally obliged to inform customers, regulators and other administrative bodies in case of a loss of information.

Take a look at three examples of possible misbehavior:

• John

• Olivia

• Jack


John

John has joined a conference call with colleagues and a donor and begins to talk about the quantity and amount of the last donation. He did not notice that a guest of CBM had entered the room, and he has now disclosed confidential information.

Remember:
Always check who is near you and who has joined the conference call before discussing confidential information. If necessary, move to a different room or discuss the item next time. Since the above is a Security Incident, immediately inform your line manager and the helpdesk about it.


Olivia

Olivia sent medical records of beneficiaries as email attachments, but realized too late that she had chosen the wrong distribution list. As a result she sent them to unauthorized people.

Remember:
Before sending an email, always double-check that you have the right recipients. Take particular care if your email client auto-completes addresses, and when copying and pasting. If such an incident occurs, immediately contact the recipient and ask him/her to delete the message unread. Afterwards inform your line manager and the helpdesk about your mishap.


Jack

Jack received a large email with confidential information about a CBM colleague. He printed out the complete attachment and put it on his desk. When he came back from lunch, the whole printout had vanished without a trace.

Remember:
Always think twice about whether you really must print confidential or personal information. If you absolutely must, don't leave the printout unattended on your desk, especially if you work in an open-plan office. Immediately inform your line manager and the helpdesk about the incident.


Secure Conference Calls

In general, a dedicated secure ID should be used for every conference call; this ensures that only authorized and invited people are able to join the call. The secure ID should be generated individually for each conference call.

At the beginning of a conference call you should check that only invited people are on the call. Whenever a join/leave tone sounds, clarify who joined or left the call.

Conference calls should preferably not be held in an open-plan office if the subject matter is confidential or contains safety-related or personal data, and especially not if an unknown person has entered the same room. In such a case, move to a different room that cannot be overheard from outside (e.g. a meeting room or quiet room).


Secure Conference Calls

If you have no possibility of holding a conference call about confidential or personal information in an empty meeting room or quiet room, postpone it! If that is not possible, at least avoid speaking about confidential or personal information. Good tip: sometimes it is enough to use paraphrases and to answer mostly with yes or no. With careful behavior you can reduce the risk of causing an Information Security breach.

Remember:
Always use an individual meeting ID when you invite people to a conference call. Before starting the call and at each join/leave tone, check the attendees. Make sure that nobody has joined who was not invited. Preferably hold conference calls with confidential or personal topics in a private room.


Tools

Today the computer plays a fundamental role in your everyday work. You may have access to a lot of information and to different folders in the network environment. In some circumstances you also save data on the local drive. All this information has to be protected against fraudulent attempts. The same holds true for tablet PCs and smartphones.

How can you personally secure the tools provided to you?

• Permissions

• Blocking

• Access


Permissions

Within the scope of your role you require permissions so that you can work with the necessary data. Make sure that you have these necessary permissions. If you have additional requirements, e.g. for an application, you must raise a request according to the appropriate change process. Contact your line manager if you are not sure how to raise a change request for information you need for your task.


Blocking

Don't leave your workplace without locking your PC (Windows key + L, or Ctrl + Alt + Del and then Enter). If you always lock your PC, you ensure that no unauthorized person can misuse it unhindered in your absence.


Access

Your access to systems should be limited to what your role requires. Changes to access rights must be approved by your manager to ensure the integrity of data.


Connection with CBM-internal IT Systems

Connecting CBM hardware to a free (public) WLAN is only allowed if you immediately establish a secure connection (e.g. via VPN) to CBM's internal network. The time spent on the open network should be kept as short as possible to minimize the security risk.

To protect CBM data, portable mass storage devices such as USB sticks or SD cards should not be used unless they can be protected with encryption.


8 golden rules for working in an office

1. Before you start a telephone conference, always check who has joined. At every join/leave tone, ask who joined or left the call.

2. Before sending an email or fax, check the addresses and fax numbers carefully. Remove printed or faxed documents from the device immediately.

3. Always lock your computer when you leave your desk.

4. If you want to access data, check that you have the correct permission.

5. Follow the "Clean Desk" principle. Don't leave documents with confidential or personal content on your desk.

6. Make sure that your password contains lower- and upper-case letters, numbers and special characters.

7. Dispose of documents containing confidential or personal data (including CDs/DVDs) only in one of the designated, locked waste containers.

8. Delete your personal information from computers that will no longer be used.



4.0 Modern Threats

The Progress

Progress in electronics and other technologies marches on rapidly. So do the techniques hackers use to gain access to information, to manipulate it or to block users' access to it.

You have now learned how to protect information. But there are further threats that you have probably already had to deal with without knowing which attack you were facing or how you should react to it. We now look at these topics and you will get information on how to protect data against such modern threats:

• Social Engineering

• Malware

• Social Networks


Social Engineering

Social Engineering is a technique for gaining unauthorized access to information or IT systems. The attacker tries to pump somebody (an employee) for information, exploiting common human traits such as helpfulness, trust, fear or respect for authority. In this way they manipulate a person so that he or she unintentionally acts improperly.

Social Engineering can happen in different ways:

• World Wide Web (www.)

• Phone


World Wide Web (www.)

Social engineering via the Internet or e-mail is known as phishing. Phishing is the attempt to get hold of confidential and personal information, e.g. user names and passwords, credit card numbers, and possibly further personal details, in order to misuse them for the attacker's own purposes (e.g. fraud, blackmail, defamation).

Phone
A typical social engineering attack is the manipulation of employees by phone call, in which the attacker pretends to be:

•The assistant of a manager: the manager has a very urgent task but has unfortunately forgotten his password. He needs a reset right now, because he is in a really critical situation.

•An administrator: he calls you because a critical system failure has occurred, and he now needs your password immediately to resolve the issue. If you do not comply, the whole company's computer systems will be down for the next 24 hours.

•A technical engineer of a telephone company: he has to fix a serious telephone fault in your area and therefore needs the key (password) of your DSL router to check that the device is configured correctly.

•An outsider who wants to talk to Mr. Boss: since Mr. Boss is on holiday in Brazil, the employee tells the caller so. Now the attacker knows that Mr. Boss is not at his workplace, not using his computer, and not at home for the next three weeks.

Checklist for Social Engineering

The following checklist gives an overview of how you can protect information and yourself against these threats.

•Do not give information to a person whose identity you have not verified.

•Do not disclose your passwords or personal data to anyone, not even to an IT administrator, a colleague, or a friend.

•Always show a healthy portion of distrust towards e-mails you receive unexpectedly and did not ask for. Check the sender's actual e-mail address, not just the name displayed. Is the content full of spelling mistakes?

•Beware of clicking on hyperlinks in e-mails that lead you to an unknown web page or to an obscure software installation. The text of a link can differ from the address it really points to: hover over the link (or copy the link address without opening it) and compare the real domain with the one displayed. Pasting the copied address into a search engine (never into the browser address bar) can show whether the page is already known to be malicious, but a missing result is no proof that it is safe. If in doubt, do not click; report the e-mail to the helpdesk.
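The two checks in the last bullets, verifying the sender address and the real target of a link, as an added example in Python that is not part of the original training material. It parses an HTML mail body, extracts every hyperlink with its visible text, and reports links whose displayed domain differs from the real one, links that point at a bare IP address, and the "user@host" trick that hides the real host; it also compares the domain shown in a From: display name with the domain the mail really comes from. The sample mail body and From: header are constructed for illustration, and the function names (extract_links, link_findings, suspicious_links, sender_findings) are assumptions, not an existing library API.

```python
"""Checking an e-mail's sender and links before clicking.

Added example for this training page, not code from the original slides.
The sample body and From: header below are constructed; the helper names
are assumptions, not an existing library API.
"""
import ipaddress
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorParser()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    """Rough 'last two labels' approximation (login.bank.example -> bank.example).
    A production check would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


# Something in link text or a display name that itself looks like a web address.
_DOMAIN_IN_TEXT = re.compile(r"([a-z0-9.-]+\.[a-z]{2,})", re.I)


def link_findings(href, text):
    """Reasons why one hyperlink looks like phishing (empty list = nothing found)."""
    reasons = []
    parsed = urlparse(href.strip())
    if parsed.scheme not in ("http", "https"):
        return reasons  # mailto:, tel: and in-page anchors are out of scope here
    host = parsed.hostname or ""
    if parsed.username is not None:
        # https://www.bank.example@evil.test/ really goes to evil.test
        reasons.append("text before '@' in the address hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("link goes to a bare IP address, not a named site")
    except ValueError:
        pass
    shown = _DOMAIN_IN_TEXT.search(text)
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append(f"link shows '{shown.group(1)}' but goes to '{host}'")
    return reasons


def suspicious_links(html):
    """Every anchor in the body that has at least one finding."""
    out = []
    for href, text in extract_links(html):
        reasons = link_findings(href, text)
        if reasons:
            out.append((href, text, reasons))
    return out


def sender_findings(from_header):
    """Flag a From: header whose display name shows a different address or
    domain than the address the mail actually comes from."""
    display, address = parseaddr(from_header)
    real_domain = address.rpartition("@")[2].lower()
    if not real_domain:
        return ["no parsable sender address"]
    shown = _DOMAIN_IN_TEXT.search(display)
    if shown and registrable_domain(shown.group(1)) != registrable_domain(real_domain):
        return [f"display name shows '{shown.group(1)}' but mail comes from '{real_domain}'"]
    return []


# Constructed sample: one lure mail with links of differing quality.
SAMPLE_FROM = '"helpdesk@corp.example" <noreply@mail-attacker.test>'
SAMPLE_BODY = """\
<p>Dear customer, your account has been locked.</p>
<p><a href="http://198.51.100.23/verify">Verify now</a></p>
<p>Or open <a href="https://secure-login.example.net/bank">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example@evil.test/">www.bank.example</a></p>
<p>Help: <a href="https://www.bank.example/help">www.bank.example/help</a></p>
<p><a href="mailto:support@bank.example">support@bank.example</a></p>
"""

if __name__ == "__main__":
    for reason in sender_findings(SAMPLE_FROM):
        print("sender:", reason)
    for href, text, reasons in suspicious_links(SAMPLE_BODY):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   ", reason)
```

Run as is, the three dangerous links in the sample are listed with their reasons, while the genuine help link and the mailto: link pass. The registrable-domain helper is a deliberate approximation: it takes the last two labels, so country-code domains such as example.co.uk would need the Public Suffix List in real use.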

Malware (malicious software)

An e-mail attachment can be used to spread malware into your computer network. Malware infiltrates your computer system, e.g. to tap passwords, credit card information, and so on.

But software available in app stores can also contain malware. With the download, the application and the malware are both activated. You will not notice that something is happening in the background, while the application itself runs perfectly.

This type of program is called malware (malicious software).

Malware can cause critical damage to your IT systems, right up to the complete destruction of the organization's data.

Your computer system can be infected by:

•Trojans: installed to fulfil a specific purpose of the attacker, e.g. stealing all passwords and forwarding them to the hacker. Often the user cannot notice such an attack.

•Spyware: this malware looks for specific files in the whole IT system (e.g. all contacts of the e-mail system), which are then forwarded to an address of the hacker.

•Viruses: many different viruses exist. There are two groups, boot-sector viruses and file viruses. All types can contaminate the whole system until programs no longer work properly.

•Worms: replicate themselves very quickly and in large numbers through the whole IT network. A worm can also delete files or reactivate viruses, and can itself carry a virus.

•Trapdoors: often a user cannot tell that a trapdoor has been installed in the system to gather confidential information.

•Rabbits: this malware duplicates itself rapidly. It infects the whole IT system, and after a while the complete system is disrupted.

•Hoaxes: lots of fake error messages appear until work becomes impossible.

Social Networks
A relatively new threat comes from social network platforms. On these platforms people publish a lot of personal information about themselves and their surroundings every day and use them for communication (e.g. Facebook, Twitter, Flickr, XING, LinkedIn).

Imagine:
You are on holiday with your family and have published greetings and some photos from where you currently are. Two days later you get a phone call from the police: there has been a burglary, and valuables have been stolen from your home.

There are also networks where users collectively create their own content. These are called social media (e.g. YouTube).

Checklist for Malware and Social Networks

The following checklist gives an overview of how you can protect information and yourself against these modern threats.

•Do not open attachments and do not click on hyperlinks in an e-mail if the sender is unknown.

•Do not download software or plug-ins without prior approval and review by the helpdesk.

•Use external storage media (e.g. USB sticks, CDs/DVDs) only if they come from a trustworthy source.

•Do not click on advertisements that route to unknown web pages, especially if they advertise with compelling, suspicious, or overly generous conditions.

•Do not publish confidential or personal information about your employment on the Internet, even if it is visible only to your friends.

Reporting of Information Security Incidents

Information security incidents are security breaches, for example:

•Unauthorized disclosure, forwarding, or manipulation of data or information

•Data loss, with or without the hardware, e.g. through carelessness or burglary

•Attacks on IT systems by external third parties

•Intentionally caused malfunction of security-relevant process operations (e.g. evacuation of buildings)

Remember: always report security-relevant incidents immediately to the helpdesk and to your line manager.
