Protecting the United Nations' data, resources, and reputation is vitally important. As the Organization stores, processes, and shares more and more sensitive information electronically, preventing breaches is paramount.
The Office of Information and Communications Technology (OICT) was tasked with establishing an information risk management regime and supporting policies for the Secretariat. In 2013, OICT developed an action plan to address the most urgent shortcomings and mitigate specific risks. That action plan is now moving to maintenance mode and OICT continues to proactively implement effective measures to address both short- and long-term information security concerns.
Mandatory Awareness Programme
While security systems, policies and procedures have been put in place to protect the Organization's ICT resources, another critical element of security risk management is people. A mandatory programme has been developed to give all UN staff and authorized ICT users the fundamental tools and knowledge to stay cyber safe. Users take the computer-based course individually. It is available on:
- Inspira (accessible from within the UN network and through the Internet). A low bandwidth version for locations with poor connectivity is also available. (English and French)
- Department of Safety and Security training site for those that do not have access to Inspira. (English only)
On successful completion of the mandatory Foundation training and assessment, participants will earn an Information Security Awareness accreditation. The assessment must be completed to print the certificate. Advanced training and optional ("Additional") topics are also available.