Security Awareness Program

Presentation transcript:

Security Awareness Program: Securing the Human
Welcome to Securing the Human, creating an effective security awareness program. For those who don't know me: introduction and background.

Why Is Security Awareness Important?
Get responses to this list. Get people talking.

How Mature Is Your Awareness Program?
The assumption is that, if you are attending this training, it is because you need to implement a security awareness program or because you already have one and want to improve it. By a show of hands, let's see where we stand.

How Do You Compare to Similar Organizations?
These are the industries most likely to attend this conference. How do you compare?

What Are Your Greatest Challenges?
Take a minute to look over this list of challenges. Does this ring true? <Get people talking.>

What Are Your Greatest Challenges? Internal Support
These top three challenges are all related. How are they related?

Conclusions: Increased Support, Access to Soft Skills, More Time, Bigger Budgets
If you have a Security Awareness Program (SAP) and it is failing, or you don't have one and have been unable to get one started, we can conclude that you have a need for one or more of these four things. Increased Support (from whom?). Access to Soft Skills (what does this mean?) = the communication barrier between geeks and normal folk. More Time (only 24 hours in a day) = what are we really asking for? = dedicated time to focus on this task. Bigger Budget (needs no explanation).

Gaining Internal Support: Stakeholder Presentation, The Human Element, Data Breaches, Compliance Requirements, The Ask
Compliance Requirements: your organization may be required to protect certain types of data (card holder, PHI, PII, PNI, etc.). Your organization may be required to conduct security awareness training.
Here are several sites where you can search records of publicly known data breaches:
https://www.privacyrights.org/
https://blog.datalossdb.org/
http://www.verizonenterprise.com/DBIR/2015
Compliance requirements summary from SANS:
https://securingthehuman.sans.org/media/resources/business-justification/sans-compliance-requirements.pdf
Stakeholder Presentation = create one that allows you to talk about the need for this program with management. Who has tried to create a stakeholder presentation? In hindsight, do you have any tips for the rest of us? Recommendations: keep it simple, show specific examples, use statistics, compare costs, point out compliance obligations. The Ask is essential; this is where you ask for the specific things you will need. Make sure that management understands that the program will not be successful without their full support and cooperation.

You Have "Buy In", Now What?
Many times, getting "buy in" or "management support" simply means that you have been given the green light to move forward with an awareness program.

Planning Your Security Awareness Program
What help is available? https://securingthehuman.sans.org/media/resources/SecurityAwarenessPlanningKit.zip and MGT433: Building High-Impact Awareness Programs.
What is most important? A key step in managing your human risk is to identify, prioritize and then focus on the top risks. https://www.youtube.com/watch?v=OGtTiXyth8g
How can I make it stick? The Fogg Behavior Model.

The Fogg Behavior Model
The more motivation someone has and the easier it is to do, the more likely they are to exhibit the desired behavior. We tend to focus on the left axis (i.e. passwords). Truth is, most people want to be secure, so when they don't do things in a secure way it is because it is too hard. How can we make password management easier? Password managers, two-factor authentication. Beware of the curse of knowledge (your assumption that others know the same things that you know). Those who know the most about a topic are usually the worst at communicating it to others.

Measuring Results
Focus on just a few high-value metrics. Metrics that measure the deployment of your awareness program: how well are we reaching our user base with this program? Use metrics that are actionable, low cost and repeatable. Metrics that measure the impact of your awareness program: is behavior changing? Human metrics are assessments; get permission. People have feelings; implement metrics that people like. https://securingthehuman.sans.org/media/resources/planning/Stage05-01-MetricsMatrix.zip

Questions?
The content for this presentation is almost exclusively taken from SANS.org: https://securingthehuman.sans.org/resources
Contact info: Wes Furgson, UEN Network Security Analyst, 801-883-4899