InfoSec 101 is a broad but shallow awareness module. It is intended to bring workers quickly up to speed on the essentials of information security.  The module contains a good range of awareness and training materials covering commonplace information security controls that everyone ought to know about.
 
Rather than attempting to cover all of information security in one go, we’re setting workers off on the right foot. In time they will be assimilated into the organisation’s security culture. InfoSec 101 promotes basic information security controls such as antivirus, backups and passwords.  The materials are deliberately succinct, outlining key aspects without delving into the details.  
 
InfoSec 101 is primarily designed for new worker orientation or induction training - ideally interactive sessions facilitated by a presenter who knows information security quite well but the content is sufficient to brief any presenter (e.g. a trainer from HR).  You might post the content on your intranet Security Zone (more below) or import it into a Learning Management System for self-paced learning when newcomers have the chance to explore.
 
First impressions matter, so the module helps Information Security, HR or training professionals deliver interesting and engaging awareness sessions accompanied by impressive, top-quality supporting materials. Establishing personal contacts throughout the organization gradually expands the Information Security team across the enterprise, meaning more ‘eyes and ears’ out there.  This benefit alone is well worth the investment but there’s more.
 
For newly-promoted managers, the management stream includes appropriately-styled content covering the fundamentals of governance, risk management and compliance - important concepts with which they may not have much prior experience. 
 
As well as induction or orientation purposes, InfoSec 101 also facilitates the launch or relaunch of an awareness and training program in support of relevant laws and regulations (GDPR for instance), ISO/IEC 27001, PCI-DSS and other compliance obligations.  It introduces the program, quickly bringing everybody up to the same foundation level of awareness and understanding.
 
InfoSec 101 also supports refresher training to get workers back on track with information security if, for whatever reason, they have fallen behind and need reminding of the basics. Manual workers, for instance, may have little interest in the regular security awareness and training activities throughout the year, whereas a short, focused, annual update might be worth their time and fulfil the organization's compliance obligations.
 
The seminar slides, leaflets, model policies and other materials advise workers to check out the Security Zone, Information Security's showcase on the corporate intranet.  Along with the Help Desk, the Security Zone is a focal point for anyone seeking additional information and advice.  A generic functional specification for the Security Zone is provided in the module to help you set one up from scratch or review and perhaps redesign your existing site.

Finally, this module supports the launch or re-launch of a security awareness and training program, enabling you to get the entire workforce quickly up to speed with the foundations on which the program will build in successive periods.
 
Learning objectives
InfoSec 101 is designed to:
Deliver a grounding in the fundamentals of information risk and security through general background and core concepts (e.g. a hyperlinked glossary explaining common terms - a simplified 10-page extract from our full 300+ page glossary);
Introduce workers to the security awareness and training program, and the Information Security function (putting faces-to-names);
Give a heads-up on the corporate security policies and procedures, the rules of the game;
Support and foster the corporate security culture, growing social links through the organization with substantial long-term benefits;
Encourage workers to think and motivate them to behave more securely - do the right thing as well as do things right;
Direct workers to sources of further information, advice and guidance as required.