Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Security Awareness for ISACA

advertisement 
Atlanta ISACA
Chapter Meeting
June 20, 2014
The Most
Critical Risk
Control:
Human
Behavior
Lynn Goodendorf
Director, Information
Security
AGENDA FOR THIS SESSION
 Why technical defenses are not enough
 Formal policy vs. training and awareness
 What does an effective security awareness program look like?
LESSONS FROM DATA BREACHES
Epsilon – spear phishing attack
AOL – not understanding data classification
Google, Yahoo and 18 others: users needed to update browsers
Gawker Media –used weak passwords for multiple applications
Target – began with phishing attack on 3rd party
FORMAL POLICY
Provides management guidance and intention
Protects company liability
Must be “translated” into key concepts and messages
Requires partnership with Human Resources
What does an effective security awareness program look like?
KNOW YOUR AUDIENCE
Language
Work environment
Types of computing devices
Job roles
KEEP IT SIMPLE
REPEAT…REPEAT…REPEAT
Screensavers
Newsletters
Posters
Online training
Webinars
EXPLAIN WHY
MAKE IT FUN!
ASK FOR FEEDBACK
TRACK AND MEASURE
RECOGNITION AND REWARDS
AWARENESS TOPICS
How to spot Key logging devices
Is Email Spam Harmful?
Watering hole attacks
Storing paper records
Visitors who may be imposters
Are cookies bad for you?
All about malware
MORE AWARENESS TOPICS
Create and remember strong passwords
Get Going with Mobile Security
What is a mobile botnet?
Found any free USB drives?
What did you capture on camera?
Erase those whiteboards!
We love to share email chain letters
AND MORE AWARENESS TOPICS
Dialing for Dollars: Phone Scams
Cell phone ringtone scams
Dangers of Counterfeit Software
Wi-Fi Security Tips at Home
Email Etiquette for Your Career
Has your Facebook account been hacked?
STANDARDS
NIST Special Publication 800-50 “Building an Information
Technology Security Awareness and Training Program”
ISO 27002:2013 Section 7.2.2 Deliver Information Security
Awareness Programs
Australian Government: Protective Security Governance Guidelines –
Security Awareness Training
COST OF SECURITY AWARENESS
Budgetary Planning: $5 - $10 per person per year
Online courses
Posters, Screen savers
Newsletters
Pens, Buttons, Etc.
WRAP UP AND QUESTIONS
Is an annual awareness session adequate?
Are acknowledgments of policy enough?
Are there better ways to audit that will help to drive improvement?
Related documents
Cardholder Alert: How to Avoid Phishing Scams
Cardholder Alert: How to Avoid Phishing Scams
Internet Safety - CFFinfo
Internet Safety - CFFinfo
Pandemic Phishing
Pandemic Phishing
The following malicious email was received by members of the
The following malicious email was received by members of the
INTERNET SECURITY
INTERNET SECURITY
Ch10
Ch10
“Interesting Tidbits about Technology” October 2013 Volume 1
“Interesting Tidbits about Technology” October 2013 Volume 1
14230878
14230878
Computer Crime - Cambridge IGCSE ICT Short notes
Computer Crime - Cambridge IGCSE ICT Short notes
Don’t Take the Bait on Phishing Scams Learning & Information Technology
Don’t Take the Bait on Phishing Scams Learning & Information Technology
Homework 3 Solutions
Homework 3 Solutions
Securing your PC
Securing your PC
Maintaining Momentum in Your Network
Maintaining Momentum in Your Network
PowerPoint Presentation template kit
PowerPoint Presentation template kit
Economics Chapter 3: Your Role as a Consumer
Economics Chapter 3: Your Role as a Consumer
Managing the Security and Privacy Risks of Social Media
Managing the Security and Privacy Risks of Social Media
Phishing
Phishing
How to recognize phishing email messages, links, or phone
How to recognize phishing email messages, links, or phone
The Age of the *Scammer* New vulnerability for an Ageing Society
The Age of the *Scammer* New vulnerability for an Ageing Society
Please RSVP no later than July 12, 2013.
Please RSVP no later than July 12, 2013.
Highly-Optimized Provably
Highly-Optimized Provably
Top IT Security Threats: 1 of 3: Data Leakage
Top IT Security Threats: 1 of 3: Data Leakage
Download
advertisement