Why Awareness Training?

The true value of providing security awareness training to end-users:

Computer security awareness is not a technology – it’s a mind set. It’s the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially, the integrity of your IT assets and data. Employees across the globe make simple mistakes which expose information based assets that harm organizations. A robust awareness program is crucial because it is the vehicle for proper communication and instruction of the security requirements implemented to protect your most valuable assets. With appropriate awareness training, corporations can enlist the assistance of their employees to mitigate risks.

SCIPP International recommends that you utilize our various courses and services to provide security awareness training and enforce sound security practices throughout your organization. Recognized as the gold standard by the Information Security industry, all SCIPP Security awareness course material, products and services have been designed to include all best practice areas of information security. It is imperative that these practices are closely adhered to by any company providing security awareness training and are fully compliant with all known mandates and other industry specific requirements regulated or recommended by the following:

Federal Financial Institutions Examination Council’s (FFIEC) ,Payment Card Industry (PCI-DSS), HIPAA, FISMA, The Computer Security Act of 1987, ISO 17799, NIST, NERC, OMB circular number A-130 Appendix III, Homeland Security Presidential Directive 7 (HSPD-7,) AR-25, BS7799, COBIT, BASEL II, GLBA, and Section 508.

Furthermore, we will work with you to ensure your security awareness program meets your own internal policies and requirements as well.

All Contents of this site constitute the property of SCIPP International, Inc.,

and may not be copied, reproduced, or distributed without prior written permission.

As an important part of doing business, security awareness and the proper handling of information assets is key to business success in our on-line world. Auditors, regulators and the courts are scrutinizing corporate policies and evaluating the effectiveness of awareness programs.

Companies should integrate a well-rounded security awareness program which combines active and passive messaging to achieve organizational goals of meeting mandated requirements and customer expectations. Practically every company falls under the jurisdiction of one or more mandates, such as HIPAA, Basel II, ISO 17799, SOX, FISMA, and PCI-DSS. Rest assured that all awareness courses produced by SCIPP International meet the requirements.

In 1997 the U.S. General Accountability office (GAO) identified information technology security as “ a new high risk area that touches every major aspect of government operations” (Report# GAO/HR-97-30). Since then, the regulatory environment has evolved to deal with corporate scandals (Sarbanes-Oxley), acts of terrorism (The USA PATRIOT Act), electronic access to patient information (HIPAA), the protection of consumer information (Gramm-Leach-Bliley), and the management of clinical trial data (FDA Title 21 CFR Part 11). Attached to some of these regulations are fines and prison terms if regulated institutions are found in noncompliance. Perhaps more importantly, other risks of non-compliance include the public disclosure of key assets, loss of customers, de-listing from stock exchanges, damage to brand or company reputation, negative impact to stock price, shareholder lawsuits, and a loss in confidence in key company stakeholders.

Raise awareness, reduce business risk and achieve compliance with best business practices that align with all known regulations, guidelines and standards!