Protecting the United Nations' data, resources, and reputation is vitally important. As the Organization stores, processes, and shares more and more sensitive information electronically, preventing breaches is paramount.
The Office of Information and Communications Technology (OICT) was tasked with establishing an information risk management regime and supporting policies for the Secretariat. OICT has developed an action plan that addresses the most urgent shortcomings, and mitigates specific risks that have been identified on the basis of incidents that have already occurred, and continue to expose the information and ICT systems of the Secretariat.
Mandatory Awareness Programme
While security systems, policies and procedures have been put in place to protect the Organization's ICT resources, another critical element of security risk management is people. A mandatory programme has been developed to give all UN staff and authorized ICT users the fundamental tools and knowledge to stay cyber safe. Users take the computer-based course individually. It is available on:
- Inspira (accessible from within the UN network and through the Internet). A low bandwidth version for locations with poor connectivity is also available. (English and French)
- Department of Safety and Security training site for those that do not have access to Inspira. (English only)
On successful completion of the mandatory Foundation training and assessment, participants will earn an Information Security Awareness accreditation. The assessment must be completed to print the certificate. Advanced training and optional ("Additional") topics are also available.