E-learning promotes information security

Abstract

Economic globalization, extensive use of IT-systems, the always stronger competition and severer legal regulations requires increased data protection, availability and data integrity. Therefore always more organizations are implementing an information security management system regarding ISO/IEC 27001 and ISO/IEC 27002. Such standard based management systems (as information security ISO/IEC27001, quality ISO9001, environmental ISO14001, hygiene management systems ISO 22000, IT service management ISO/IEC 20000-1 and others) are widely implemented and based on common principles: objectives and strategies, business processes, resource management and continuously optimization. These systems must also be documented (system documentation), communicated, implemented and continuously improved. Thereby the collaborators awareness is the great challenge and chance. The elaborated organizational regulation contains all relevant information security requirements adapted to the organizational needs and objectives. Normally these are elaborated one time, trained, distributed, but are hardly used as reference book for workplace need-oriented process integrated learning to improve information security. The documentation is almost felt as additional workload with a little or no advantage and it is not totally corresponding with the lived principles. Based on this situation we prepared the system documentation according to media-pedagogical and didactical principles and published it on organizational learning and knowledge system based on constructivist theory. In the case study the documentation promotes in a confidence-based, open and fault-tolerant corporate and learning culture workplace integrated, needoriented access to the documentation, improvement of information security, employee involvement and knowledge sharing, a practice-oriented system documentation, shorter initial training periods for new collaborators and thereby a continuous optimization of information security and the organization. © Springer Science+Business Media B.V. 2008.