Security Awareness – Essential Part of Security Management
Ilze Murane
Agenda
Security management
Security awareness in organization
Security awareness for home user
Questions for discussion
ISF Standard
Information Security Forum
The Standard of Good Practice for Information Security
http://www.isfsecuritystandard.com
Security Management I
Management commitment
Security policy
Security organization
– Information security function
– Security awareness
– Security classification
– Ownership
– Information risk analysis
Security Management II
Secure environment
– Security architecture
– Information privacy
– Physical protection
– Business continuity
– Use of cryptography
– Remote working
Security Management III
Malicious attack
– Virus protection
– Intrusion detection
– Forensic investigations
– Patch management
Management review
– Security audit/review
– Security monitoring
Security Awareness
Information security awareness is the degree to which every member of staff understands the importance of information security, their individual security responsibilities
…and acts accordingly
Security Awareness in organization
Principle
– Specific activities should be undertaken, such as a security awareness programme, to promote security awareness to all individuals who have access to the information and systems of the enterprise
Objective
– To ensure all relevant individuals understand the key elements of information security and why it is needed, and understand their personal information security responsibilities
IT security lessons: example I
Passwords
– Do not share passwords
– Use ‘strong’ passwords
– Don’t write passwords down
IT security lessons: example II
Viruses
– Beware of viruses, particularly in e-mail attachments
– Ensure that anti-virus software is installed and updated
IT security lessons: example III
E-mail and Internet use
– Don’t send sensitive information over the Internet
– Don’t publish your e-mail address on the Internet
– Internet use must comply with corporate policies
Case study
Awareness “history”
– IT security
– Information security
– Business Continuity Testing
– Security including physical security
Regular seminars
From awareness to behaviour change
Security-positive behaviour should be encouraged by
– making attendance at security awareness training compulsory
– publicizing security successes and failures throughout the organization
– linking security to personal performance objectives
Security Awareness for home user
No regulations
Personal risk experience
More electronic information
– Internet banking
Everyone is on the Internet
Lessons for everybody
Main risks
– Viruses
– Spyware
– Phishing
– Spam
About
– Safe e-mail usage
– Safe internet browsing
– Securing your computer
At school?
Other security (safety)
– road traffic regulation
– electricity (physics)
– fire protection
IT security...
?
Does IT security concern everybody
How to educate society
Special software/game
What are our responsibilities
...