ISM-0922

History

Priority
recommended
Nov 2018
Removed
Removed due to a merge of relevant content into security control 0252.
2017
Agencies should ensure that information security awareness and training includes:
• the purpose of the training or awareness program
• security appointments and contacts
• the legitimate use of system accounts, software and information
• the security of accounts, including shared passphrases
• security risks associated with unnecessarily exposing email addresses and other personal details
• authorisation requirements for applications, databases and data
• the security risks associated with non-agency systems, particularly the internet
• reporting any suspected compromises or anomalies
• reporting requirements for cyber security incidents, suspected compromises or anomalies
• classifying, marking, controlling, storing and sanitising media
• protecting workstations from unauthorised access
• informing the support section when access to a system is no longer needed
• observing rules and regulations governing the secure operation and authorised use of systems.
2015
Agencies should ensure that information security awareness and training includes:
• the purpose of the training or awareness program
• security appointments and contacts
• the legitimate use of system accounts, software and information
• the security of accounts, including shared passphrases
• security risks associated with unnecessarily exposing email addresses and other personal details
• authorisation requirements for applications, databases and data
• the security risks associated with non–agency systems, particularly the Internet
• reporting any suspected compromises or anomalies
• reporting requirements for cyber security incidents, suspected compromises or anomalies
• classifying, marking, controlling, storing and sanitising media
• protecting workstations from unauthorised access
• informing the support section when access to a system is no longer needed
• observing rules and regulations governing the secure operation and authorised use of systems.
2010
It is recommended agencies ensure information security awareness and training includes:
• the purpose of the training or awareness program
• security appointments and contacts
• the legitimate use of system accounts, software and information
• the security of accounts, including shared passwords
• authorisation requirements for applications, databases and data
• the security risks associated with non-agency systems, particularly the Internet
• reporting any suspected compromises or anomalies
• reporting requirements for cyber security incidents, suspected compromises or anomalies
• classifying, marking, controlling, storing and sanitising media
• protecting workstations from unauthorised access
• informing the support section when access to a system is no longer needed
• observing rules and regulations governing the secure operation and authorised use of systems.