Employee Security Awareness

Presentation transcript:

Employee Security Awareness
Tuesday, April 9, 2019
Louis Stramaglio, IT Ops Supervisor

Are You Vulnerable?
What is the greatest vulnerability in your organization?
   Electronic Security Perimeter
   IT Network
   OT Network
   Permissions
   Physical Security

YES!
   Employees
   End users
   Clients
   Customers
   Contractors

Question Does your company have an Employee Security Awareness Program?

IT Security Program
   Understand and comply with company security policies and procedures
   Be appropriately trained in the rules of behavior for the systems and applications to which they have access
   Work with management to meet training needs
   Keep end users aware of actions they can take to better protect their company's information

Security Program Contents
1. Security Policies
   Designed to protect the data
   Business needs
   Known risks
2. Define responsibilities
   Who is responsible
   Staff responsibilities
   IT/Security responsibilities
3. Establish Processes
   Monitor the program
   Review results
   IRP (Incident Response Plan)

Question Do you believe your current Employee Security Awareness Program has Management Buy-in?

Management Buy-in
   Support
   Budget
   Reporting
   Feedback

What is Awareness?
   Not training
   Addresses concepts and behaviors
   Terminology
   Informational

Best Asset/Biggest Vulnerability

Create the Awareness Plan
   Strategy and Plan
   Feedback from key groups
   Assess current materials
   Create a baseline
   Review current metrics
   Analysis of findings and recommendations
   Current trends
   Prioritize
   Schedule, but remain flexible
   Make it "So Number One"

Ransomware

We Are Done, Right? Awareness

We Are Done, Right? Awareness Training

Who Needs Training?
   End users
   IT
   Executives
   Everyone
   Training everyone equally doesn't always mean training everyone the same way.
   Stay flexible

Where Does Training Come From?
   In-house
   LMS
   Outsource

NOW We Are Done, Right? Awareness Testing & Education Training

Why Test Me?
   Measure your success
   Report your success to management
   Remember, stay flexible
   Prioritize weak points, add new content
   Continue the cycle

Participant Challenge
   Obtain management buy-in
   Create your awareness plan based on your IT Security Program
   Generate a security baseline and prioritize
   Train everyone
   Test everyone
   Stay flexible and prioritize

Lou Stramaglio, IT Ops Supervisor
lstramaglio@wecc.org