Upload File

information system security awareness and training program … · agenda •what to avoid •...

  • Home
  • Documents
  • Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness
11
Rodney Dor PMP, CISA, CISSP IS Security Protecting OCTA assets in the rapidly changing world of Information Security Information System Security Awareness and Training Program

Upload: vanthu

Post on 11-Apr-2018

214 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Rodney Dor PMP, CISA, CISSP

IS Security

Protecting OCTA assets in the rapidly changing world of Information Security

Information System Security

Awareness and Training

Program

Page 2: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Agenda

• What to avoid

• Perpetrators and Motives

• Security Components

• Why awareness

• User Focused

• Awareness Impact

• Infrastructure Components

• Q & A

Page 3: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

In the NEWS !!

Shenendehowa Transportation

Employees (Shenendehowa, NY)

Records Breached: 250

http://www.ocregister.com/news/site-147886-web-search.html
http://articles.latimes.com/2007/jun/01/local/me-hackers1
http://www.ftc.gov/opa/2006/01/choicepoint.shtm
Page 4: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Organized Crime

Corporate Espionage

Employees customers contractors

Script Kiddies

Hackers

Activist

Terrorist

The casual geek

Perpetrators

Page 5: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Easy to commit

Thrill

Organizations unaware

Loose punishment

Lack of enforcement

Accessibility

Retribution

Personal Beliefs

Political Hacktivism

Retaliation

Financial Gain

Bragging

Rights

Media Stardom

Public Apathy

Personal

WHY

NOT?

Motives

Page 6: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Availability

Process

People

Facilities

Technology

Security

Components

IT

Security

Page 7: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Executive

management

supported

priority

One of top five

initiatives in the

security portfolio

Key

component

of the

security

program

PRESERVING

Confidentiality -: Ensuring information is

disclosed to, and reviewed exclusively by intended

recipients / authorized individuals

Integrity - Ensuring the accuracy and completeness

of information and processing methods

Availability - Ensuring that information and

associated assets are accessible whenever

necessary by authorized individuals

Why Security Awareness

and Training

Page 8: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

1 Ensure public trust

Maintain OCTA professional & positive image

Reduce IT risks to an acceptable level

Be compliant with Laws and Regulations

2

3

4

OCTA Security objectives

Provide the basic understanding and

importance of information security and

OCTA Security objectives.

Program Mission

Page 9: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

• Audience - All employees

• User Awareness - sets the stage for training by

changing attitudes and behaviors

• User Training - Teaches the specific skills to enable

users to perform their security responsibilities

• Frequency – Yearly with a midyear refresher

• Tangibles – Handouts, Policies, Posters, Table tents in

break rooms

• Standards & Best Practices

DEFENSE IN DEPTH

Polices, Procedures & Awareness

Perimeter

Internal Network

Host

Application

Data

Physical Security

Awareness and Training Program Impact

User security awareness can affect

every aspect of an organization’s

security profile

Page 10: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Infrastructure Components

Page 11: Information System Security Awareness and Training Program … · Agenda •What to avoid • Perpetrators and Motives • Security Components • Why awareness •User Focused •Awareness

Questions?


Security awareness training

IT Security Awareness

Heightened Security Awareness

Information Security Awareness

Security Awareness Campaign Overview. Security Awareness Campaign Goal: Raise security awareness across campus Target audiences: Students Faculty/Staff

911 Perpetrators

Email Security Awareness

Security Awareness Training · Card Industry Data Security Standard (PCI DSS 12.6), require a security awareness training program in order to achieve compliance. Security Awareness

Security Awareness Guide

Cyber Security Awareness

SECURITY AWARENESS. The Importance of Security Awareness Training Security Awareness Training provides the knowledge to protect information systems and

HIPAA Security Awareness

FDA Security Awareness Web Site - NIST · 2018-09-27 · FDA Security Awareness Web Site . The Security Awareness Web Site provides ongoing security awareness including useful security

Information Security - Awareness

Email Security Awareness - csirt.bppt.go.id · Email Security Awareness? TujuanEmail Security Awareness iniadalahuntukmeningkatkankepedulian terhadapkerahasiaandata email, data credentials

Security Awareness 2009

Profiles of Perpetrators of Terrorism in the United States ......Profiles of Perpetrators of Terrorism in the United States, December 2014 Author: U.S. Department of Homeland Security

Fostering Security Awareness

Security Awareness, Training, and Education Plan · • Basic Security Awareness Training (AT-2): Basic security awareness training ... • Security Training Records (AT-4): Each

Cyber Security Awareness training - Curricular Affairsca.med.sc.edu/handbooks/CyberSecurity.pdf · Cyber Security Awareness Training Cyber Security Awareness Training FY 2007FY 2007

Michigan Security Awareness Training - CAK Home · Michigan Security Awareness Training Author: Michigan State Police Subject: Michigan Security Awareness Training Keywords: Michigan

Security Awareness, Training and Education Catalog · SECURITY AWARENESS, TRAINING AND EDUCATION CATALOG 2 Security Awareness Education Every Trustwave Security Awareness Education

Security & Fraud Awareness

Security Awareness Communication Calendar - SANS · Information Security Awareness Communication ... Security Education and Awareness ... Brand Awareness • Culture change New Hire

Security - Situational awareness

HMIS Security Awareness

Security Awareness and CYBER - PerformCare · 2019-08-20 · Security Awareness and CYBER - Providers - PerformCare Author: PerformCare Subject: training, security awareness, CYBER

Beyond Security Awareness!

Security Awareness

SGTM 6: Personal Security Awareness Slide 1 SGTM 6: Personal Security Awareness

Security Awareness security.nsu

Completing Security Awareness Training · 2020-05-13 · Security Awareness Training. 3. Completing Security Awareness Training Security Awareness Training will be completed in conjunction

Security awareness 24 May 2015 Security awareness

Security awareness