Information Security Training
The Information Security Training conducted within the organisation aimed to raise employee awareness of the risks of unauthorised use of information assets, unauthorised access, data leakage and operational disruption. The training used example scenarios and implementation practices framed by the Confidentiality, Integrity and Availability (CIA) principles that form the basis of information security.
The session covered access management, password discipline, authentication methods, e-mail and endpoint security, social engineering attacks, secure remote working rules and incident notification, each tied to the organisation's own business processes.
Focus: Corporate awareness against the unauthorised use of information assets.
Topics: CIA, access management, password/MFA, e-mail security, social engineering, incident notification.
Gains: Risk reduction, behaviour standardisation, audit compliance and a sustainable security culture.
Approach: Policy + process + user behaviour + technical controls.
1. Scope and Objective of the Training
The training was structured to strengthen basic awareness of how the organisation's information assets are protected, to enable employees to recognise the security risks they may encounter in their daily workflows, and to increase compliance with policies and procedures.
| Scope Topic | Content Summary |
|---|---|
| Information asset approach | Classification of information, ownership, critical assets and business continuity impacts |
| Access and identity management | Authorisation, least privilege, MFA, shared account risks |
| Password discipline | Strong password habits, the risks of password reuse, the password manager approach |
| E-mail and social engineering | Phishing, fake links and attachments, example attack scenarios and the verification steps to take before acting |
| Incident management and notification | Reporting suspicious situations, first response principles, record keeping |
Within this framework, it was emphasised that information security only matures into an organisational capability when it is supported not by one-off training but by regular measurement and reminder mechanisms.
2. CIA Principles: Confidentiality · Integrity · Availability
Information security is ensured by the balanced protection of three fundamental principles: Confidentiality, Integrity and Availability. In the training, this triad was made concrete with corporate examples and risk scenarios.
2.1. Confidentiality
Confidentiality focuses on preventing unauthorised persons from accessing information. Access privileges, role-based restrictions, screen locking, data masking and secure sharing methods are the main control areas for this principle.
2.2. Integrity
Integrity aims to ensure that information is accurate and has not been altered without authorisation. Unauthorised changes, erroneous records, version confusion and incorrect reporting are critical risks that directly affect business decisions.
2.3. Availability
Availability means that information and the systems holding it are accessible at the moment they are needed. Backup strategies, disaster recovery, capacity planning and service continuity are assessed within this scope.
3. Implementation Topics and Critical Behaviours
In the training, practical and applicable behaviour sets were shared for the risk areas most frequently encountered in daily workflows. The aim is to clarify not "what employees should not do" but "what they should do".
3.1. Critical Behaviour Set
- Suspicious e-mail: Verification before opening a link/attachment, domain check, second-channel confirmation
- Password security: Avoiding password reuse, using MFA, not sharing passwords
- Screen and desk discipline: Screen lock, storing printouts in a locked cabinet, the clean-desk approach
- File sharing: Organisation-approved channels, access restriction, time-limited links and authorisation control
- Incident notification: Fast notification and record keeping when there is suspicion of unauthorised access/device loss/data leakage
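The "domain check" in the suspicious e-mail item above can be made concrete. The following is an added example written for this page, not material from the organisation's training or any tool it uses: a small Python check that takes the text a user sees for a link and the address the link really points to, and flags the common phishing tricks (visible text naming one domain while the destination is another, credentials placed before the host so that a trusted name appears in the address, raw IP addresses, internationalised or punycode look-alike hosts, and hosts that merely contain the organisation's name). The organisation domains `example.com` and `example-corp.net` and all sample links are constructed assumptions.

```python
"""Added example: a link "domain check" of the kind the critical behaviour set
asks users to perform before clicking. Trusted domains and sample links are
hypothetical; no network access is needed."""
import ipaddress
from urllib.parse import urlparse

# Assumed organisation domains (hypothetical). Real subdomains of these are trusted.
TRUSTED_DOMAINS = ("example.com", "example-corp.net")


def host_of(url):
    """Hostname a browser would actually connect to, or None if not an http(s) URL."""
    parsed = urlparse(url.strip())
    if parsed.scheme not in ("http", "https"):
        return None
    return (parsed.hostname or "").rstrip(".").lower()


def shown_host(display_text):
    """Hostname the *visible* text claims, if it looks like a URL or bare domain."""
    text = display_text.strip()
    if " " in text or "." not in text:
        return None  # plain words such as "Click here" name no domain
    if "://" not in text:
        text = "https://" + text
    return host_of(text)


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of one.
    'example.com.evil.test' ends with '.test', so it is NOT trusted."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(display_text, href):
    """Return ("ok", []) or ("suspicious", [reason, ...]) for one link."""
    reasons = []
    host = host_of(href)
    if host is None:
        return "suspicious", ["link is not an http(s) URL"]
    if not host:
        return "suspicious", ["link has no host"]
    parsed = urlparse(href.strip())

    if parsed.scheme != "https":
        reasons.append("not https")
    # "https://portal.example.com@evil.test": the part before '@' is userinfo,
    # the browser connects to evil.test.
    if parsed.username is not None:
        reasons.append("userinfo '%s' before the real host" % parsed.username)
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalised/punycode host (possible look-alike)")
    if not is_trusted_host(host):
        reasons.append("host %s is not an organisation domain" % host)
        for d in TRUSTED_DOMAINS:
            name = d.split(".")[0]
            if name in host:  # trusted name used as bait inside an unrelated host
                reasons.append("host contains '%s' but is not under %s" % (name, d))
                break
    shown = shown_host(display_text)
    if shown is not None and shown != host:
        reasons.append("visible text names %s but link goes to %s" % (shown, host))

    return ("ok" if not reasons else "suspicious"), reasons


# Constructed sample links, as they might appear in a phishing e-mail.
SAMPLES = [
    ("https://portal.example.com/login", "https://portal.example.com/login"),
    ("https://portal.example.com/login", "https://portal.example.com@evil.test/login"),
    ("Reset your password", "http://example.com.login-verify.test/reset"),
    ("example.com", "https://examp1e.com/"),
    ("Intranet", "https://xn--exmple-cua.com/"),
    ("Intranet", "https://10.0.0.5/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        verdict, why = check_link(text, href)
        print("%-10s %-40s %s" % (verdict, href, "; ".join(why)))
```

The check deliberately uses the browser's own parsing (`urlparse`) rather than a regular expression, because the tricks it catches rely on the gap between what a person reads and what the parser does. It is an aid to the second-channel confirmation the training recommends, not a replacement for it: a link that passes every check can still lead to a compromised trusted site.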