Security training when onboarding people

Question

Security training when onboarding people

dz0ny opened this issue 7 years ago · 5 comments

Interesting read:
https://slack.com/security
https://a.slack-edge.com/4c1ae/img/security_ent/Security_White_Paper.pdf

Slack’s personnel practices apply to all members of the Slack workforce (“workers”)—regular
employees and independent contractors—who have direct access to Slack’s internal information
systems (“systems”) and / or unescorted access to Slack’s ofce
space. All workers are required to
understand and follow internal policies and standards.
Before gaining initial access to systems, all workers must agree to condentiality
terms, pass a
background screening, and attend security training. This training covers privacy and security
topics, including device security, acceptable use, preventing malware, physical security, data
privacy, account management, and incident reporting.

Answer 1 · 2017-06-28T18:32:13.000Z

Any idea where we can get the training done? I'm totally +1 for having obligatory background screening and security training as the first step of onboarding, we "just" need to find out how to do outsource it well.

Answer 2 · 2017-06-28T18:55:47.000Z

Heh, outsource :) I've been/will be asking around.

reciprocitylabs: half hour talk with HR and internal docs, depending on position additional training (basic 2fa, secure notes, travel safety, how to communicate security issues to team or HR)

Answer 3 · 2017-06-28T19:18:18.000Z

I've noticed that we no longer have anything related to security in onboarding ticket... or is this sent as part of initial mail?

This is not sent https://intra.niteoweb.com/operations/security-policy ?

Answer 4 · 2017-06-29T13:32:37.000Z

Security Policy needs a review and then has to be added to the onboarding checklist.

Answer 5 · 2017-07-14T15:52:38.000Z

Reviewed and posted to handbook: https://github.com/niteoweb/handbook/blob/master/security.md

Please update as necessary.