Objective: To create awareness amongst end-users about the need for IS security in their workplace and its implementation in day-to-day activities.

Description: Information security awareness amongst end-users is today an imperative, because people are the weakest link in the information security chain. They can easily be 'socially engineered' (or deceived) to part with their passwords, or perform acts unwittingly, which may permit malicious outsiders entry into the company's IT system. Indeed, it is a common catchphrase in the hacker underworld that "amateurs hack systems, whereas professionals hack people". Hard experience points out that 70% of security breaches are perpetrated internally. And inside attacks are potentially more costly.

Essentially, information security is a 'people issue'. End-user awareness is vital in the work place because well-designed information security policies are, by themselves, of little use unless all users are fully aware of the need for maintaining the security of corporate and personal information assets. Employees cannot be held accountable for their actions if they are not aware of what is expected of them.

The aim of the 'Information Systems Security in the Work Place' course is to spread information security awareness. It is not designed to provide in-depth education or professional skills, but aims to provide participants necessary inputs to appreciate the criticality of securing their personal and corporate information assets, and enable them to adopt good information security practices.