Information Security Training | Confidentiality, Integrity and Availability (CIA) Awareness

Information Security Training

The Information Security Training conducted within the organisation aimed to increase employee awareness of the risks of unauthorised use of information assets, unauthorised access, data leakage and operational disruption. The training covered example scenarios and implementation practices within the framework of the Confidentiality, Integrity and Availability (CIA) principles that form the basis of information security.

The session addressed topics such as access management, password discipline, authentication methods, e-mail and endpoint security, social engineering attacks, secure remote working rules and incident notification, in connection with the organisation's business processes.

Quick Summary

Focus: Corporate awareness against the unauthorised use of information assets.
Topics: CIA, access management, password/MFA, e-mail security, social engineering, incident notification.
Gains: Risk reduction, behaviour standardisation, audit compliance and a sustainable security culture.
Approach: Policy + process + user behaviour + technical controls.

Note: Information security becomes sustainable not only through technological measures but also through role-based responsibilities, standard operation and correct user behaviour.

1. Scope and Objective of the Training

The training was structured to strengthen basic awareness of protecting the organisation's information assets, to enable employees to recognise the security risks they may encounter in their daily workflows, and to increase compliance with policies and procedures.

| Scope Topic | Content Summary |
|---|---|
| Information asset approach | Classification of information, ownership, critical assets and business continuity impacts |
| Access and identity management | Authorisation, least privilege, MFA, shared account risks |
| Password discipline | Strong password/encryption habits, the risks of password reuse, the password manager approach |
| E-mail and social engineering | Phishing, fake links/attachments, phishing scenarios and verification steps |
| Incident management and notification | Reporting suspicious situations, first response principles, record keeping |

Within this framework, it was emphasised that, for information security to turn into corporate maturity, it should be supported not by "one-off training" but by regular measurement and reminder mechanisms.

2. CIA Principles: Confidentiality · Integrity · Availability

Information security is ensured by the balanced protection of three fundamental principles: Confidentiality, Integrity and Availability. In the training, this triad was made concrete with corporate examples and risk scenarios.

2.1. Confidentiality

Focuses on preventing unauthorised persons from accessing information. Access privileges, role-based restrictions, screen locking, data masking and secure sharing methods are the main control areas of this topic.

2.2. Integrity

Aims to ensure that information remains accurate and unaltered. Unauthorised changes, erroneous records, version confusion and incorrect reporting risks are critical elements directly affecting business decisions.

2.3. Availability

Means that information is accessible at the moment it is needed. Backup strategies, disaster recovery, capacity planning and service continuity are assessed within this scope.

Emphasis: The CIA approach is a reference framework that clarifies "which risk" information security controls reduce and directly contributes to corporate decision-making processes.

3. Implementation Topics and Critical Behaviours

In the training, practical and applicable behaviour sets were shared for the risk areas most frequently encountered in daily workflows. The aim is to clarify not "what employees should not do" but "what they should do".

3.1. Critical Behaviour Set

  • Suspicious e-mail: Verification before opening a link/attachment, domain check, second-channel confirmation
  • Password security: Avoiding password reuse, using MFA, not sharing passwords
  • Screen and desk discipline: Screen lock, storing printouts in a locked cabinet, the clean-desk approach
  • File sharing: Organisation-approved channels, access restriction, time-limited links and authorisation control
  • Incident notification: Fast notification and record keeping when there is suspicion of unauthorised access/device loss/data leakage
Operational contribution: This behaviour set both reduces the risk of a data breach and facilitates the generation of "implementation evidence" in audits.