Information security awareness – a case study

3rd Information Security and Cyber Defence Conference
Ms. Anett MÁDI-NÁTOR
National Security Authority of Hungary
Head of Information Security Awareness
“How information security awareness programs are able
to change corporate mind-set – a case study”
2013 Balatonőszöd
Table of contents
Multi-level awareness
The case
The study
The evaluation
The conclusion
Multi-level awareness
Privileged users
Normal users
System administrators
System developers
Information security awareness trainers
The case
A regionally significant service provider
More than 6000 employees
More than 43 million clients
More than 65 million $ revenue
Decision makers
Users
IT experts
1 month
The study
Professional content of training – system hardening methods including UNIX, Windows, and network aspects
Pre-session and post-session questionnaire for assessing the change of security awareness level
Analysis of answers is based on statistical methods
Measuring effectiveness of training itself
Willingness to participate in further information security awareness trainings
[Chart: ratio of willingness, Pre-Session vs. Post-Session; data labels 89% and 100%]
How safe the IT system of the company is considered by experts managing it (ratio of experts)
Pre-session: Not safe 15%, Safe 69%, Very safe 16%
Post-session: Not safe 18%, Safe 82%, Very safe 0%
Would you introduce new/additional security measures to protect corporate business data? (ratio of experts)
Pre-session: Yes 88%, No 12%
Post-session: Yes 92%, No 8%
Introducing new security measures to protect data on client phones (ratio of experts)
Pre-session: Yes 59%, No 41%
Post-session: Yes 42%, No 58%
Demand for improving IT security on corporate level (ratio of experts)
Pre-session: Yes 59%, No 41%
Post-session: Yes 73%, No 27%
The evaluation
Commitment to professional trainings
Company IT system is considered less secure than before
A more structured view of security, relying on the IT Security Dept.
A more concise view of system weaknesses
A need for change regarding the IT security concept
The conclusion
Focus of experts moves to company- and corporate-level security from securing end-user devices
Growing demand for expert knowledge transfer
Solution-driven information security approach in practice
Thank you for your attention
(and the fish)