1. Introduction to Security Protocols

Overview

Information security is important to any company that deals with sensitive, personal, or confidential information. This lesson explains the importance of this topic, and outlines some of the laws and standards in the field.

Summary

  1. Lesson Goal (00:28)

    The goal of this lesson is to learn about the importance of information security policies.

  2. Importance of Information Security (00:41)

    Information is a company asset, like buildings or employees. Events such as data breaches can have negative business consequences and reputational consequences for affected companies. As such, companies need to have a policy in place to protect their information.

    Information security policies also emphasize the importance of responsible data handling to employees. Many data loss incidents come about due to employee negligence, and having policies in place to handle information correctly can help reduce the likelihood of these events.

  3. Laws and Standards (01:44)

    There are several laws in the area of data handling. The most well-known is the General Data Protection Regulation, which has been enforced in the European Union since 2018. This grants individuals various rights when their data is collected by companies.

    There are also various standards in the area of data handling. One of them is ISO 27001, which outlines key components that a company should consider when drafting policies to keep their information secure.

    Some principles in this course are derived from these laws and standards, but the information in this course should not be interpreted as legal advice.

  4. Course Outline (02:50)

    This course contains three main sections:

    • Data protection rights, responsibilities, and principles

    • Security of assets, communications, and workplaces

    • Data incidents and how to handle them

Transcript

Information security is a critical part of business.

The amount of information businesses collect is rising frequently. The number of threats to that information can be high. And the consequences, if the information is lost, can be severe. As a result, businesses need to keep their information secure. Throughout this course, we'll aim to show you the most important procedures and protocols that will help you do this. Our goal in this first lesson is to learn about the importance of information security policies, and to outline the course. Let's start by understanding the importance of information security policies. Information is a company asset like buildings or employees. In the same way that any sensible company has a plan to prevent thieves from breaking into their office space, and a plan to ensure important employees stay with the company, so you should have a policy to keep your company's information secure. There are many events that can lead to a company's information being lost. A well-known example would be a data breach where a company's information is stolen by hackers. Events like this can have reputational and even legal consequences for a company. Having good information security policies should help reduce the likelihood of these events.

Information security policies also help emphasize the importance of information security to employees. Data and information loss is often the result of employee negligence, and having proper information security policies should help guide employees away from these negligent actions. Adherence to your policies can also be part of employee contracts, which gives you some protection against your employees deliberately leaking company data to external parties.

There are many laws and standards that can be applied in the area of information handling. The most well-known law is probably the General Data Protection Regulation, or GDPR, which was enforced by the European Union in 2018. This law grants individuals various rights when their personal information is collected by companies.

There are many well-known standards in the area of information handling. One of them is ISO 27001, set by the International Organization for Standardization. This standard outlines key components that should be contained in a company's information security policies. Some of the principles introduced in this course are derived from these laws and standards, among other sources, but we must emphasize that the content of this course does not constitute legal advice.

If your aim is to comply with a particular law or standard, you should not rely on this course alone. It's always a good idea to consult legal experts in your region. In this course, we'll aim to outline the key components of an information handling policy. We'll start by discussing relevant rights and responsibilities, mentioning how to protect data, who should be responsible for it, and how to handle the data of people inside and outside your company. We will then learn how to manage your company's assets, communications, and workspaces, with a distinction between office workspaces and home workspaces.

Finally, we'll discuss data incidents, learning how to prevent them and how to deal with them if they do occur. The material in this course should be useful for anyone looking to set up an information security policy in their company, or anyone looking to understand what such a policy should contain.

We'll start in the next lesson, by learning the basic principles of data protection.