Technical security controls are a vital part of our information security framework but are not in themselves sufficient to secure all information assets.
Effective information security also requires the awareness and proactive support of all employees, supplementing, and making full use of the technical security controls. This is obvious in the case of social engineering, attacks, or other current exploits being used, specifically targeting humans rather than IT and network systems.
Schibsted’s internal information security awareness and training program aims to inform and assess all employees regarding their information security obligations.
This applies throughout the organization as part of the information security management system. It applies regardless of whether or not employees use computer systems and networks. All employees are expected to protect all forms of information assets, including computer data, written materials/paperwork, and intangible forms of knowledge. This is directed to all Schibsted employees and consultants with access to Schibsted systems, networks, company information, and/or PII.