Title Information Security Modular Training for SME
Project Number LLP-LDV-TOI-11-AT-0013
Product INSEMOT Curriculum
Title INSEMOT Curriculum
Product Type program or curricula
Marketing Text This curriculum shall serve teachers in the field of Information Security Management as a handbook on how to organise a course on Information Security Management designed for owners / managers and employees of small and medium sized enterprises (SME) . It is designed and meant to give ideas and serve as a good practice example. The organisation of an individual course nevertheless will require adaptation and modification of the provided structure and concept in regard of individual needs. If participants require a more individual attendance or if some of the listed units are of more interest to the learners than others, the teacher is always free to set priorities according to target group needs.
This curriculum consists of five main building blocs:
1. the course description (chapter 1) providing an overview of the central learning objectives of the workshop;
2. the macro planning of the workshop (chapter 2) including details of the 3 training levels to be achieved, learning objectives of each level, as well as suggestions on how to split the learning content between online and face-to-face sessions;
3. the description of assumed target group pre-requisites per training level and the conditions regarding the learning environment (chapter 3);
4. the description and reasoning of methods to be applied throughout the training (chapter 4);
5. a suggestion and example for the organisation of the blended-learning approach (chapter 5).
The aim of this course is to support owners or managers of small and medium enterprises in the planning and implementation of an adequate information security concept. Throughout the course this target group shall gain a basic understanding and knowledge of information security, its requirements and juridical framework, strategic and organisational approaches and practical measures. In order to meet different company’s pre-requisites and needs the course is divided in 3 Levels:
Level 1: Generic
Level 2: Intermediate
Level 3: Advanced
After completing Level 1 participants will have a general understanding of what Information Security Management is and why it is important for companies.
Level 2 will provide participants with an overview of some measures to be taken.
Participants completing Level 3 will be in a position to take over the role of the Information Security Officer for their company.
The main characteristics of the profile of an Information Security Officer can be summarized as follows:
• ability to prevent as much and as well as possible
• determination and efficacy in taking decisions
• two way communication (top down and bottom up)
• ability to delegate and involve staff
• ability to identify and listen to weak signals
• ability to make a “team”
• participated involvement in business issues, as a flexible, innovative function that is continually better integrated to support the business
• adoption of a “facilitator” role and not that of an obstacle
• strong attention to anomalies that are brought to his/her Attention
• rigour and objectivity in measuring results
• primary role in security training and communication programmes
Area of application
Level 1: Generic
Target Audience: The generic level addresses owners / managers and employees of SMEs.
Objective / Learning Outcome: The main objective is to raise awareness of Information Security Management and to provide practical knowledge and skills on how to respect Information Security in daily routines. The generic level covers parts of PLAN and RUN and consists of 15 learning units.
Level 2: Intermediate
Target Audience: The intermediate level addresses owners and managers of SMEs who are responsible for the organisation of Information Security Management and are in charge of decision making.
Objective / Learning Outcome: Within the intermediate level pre-knowledge in the field of Information Security and ICT is not required. It is the objective of the intermediate level to train participants to be able to plan and organise IS in close co-operation with external IS experts. The intermediate level provides a deeper understanding of PLAN and RUN and consists of 15 learning units.
Level 3: Advanced:
Target Audience: The advanced level addresses owners / managers of SME who have some pre-knowledge in ICT and in basic Information Security correspondent to Level 1 and 2.
Objective / Learning Outcome: It is the objective of the advanced level to train participants to be able to organise and implement IS measures themselves, at least to a great extent. The advanced level provides a deeper understanding of MANAGE and consists of 10 units.