SCOPE
- ORGANISATIONAL CULTURE
- ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY
- FAILING TO PLAN IS PLANNING TO FAIL
- ASPECTS THAT SHOULD BE ADDRESSED DURING SECURITY AWARENESS TRAINING
- QUESTIONS?

AIM
- TO DEMONSTRATE THE IMPORTANCE OF SECURITY AWARENESS IN ENHANCING THE SECURITY MATURITY OF USERS

IMPORTANCE OF SECURITY AWARENESS
- ORGANISATIONAL CULTURE DETERMINES IMPORTANCE OF INFORMATION SECURITY
- ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY:
  - ENHANCE SECURITY KNOWLEDGE OF USERS
  - CHANGE ATTITUDE TOWARDS SECURITY
  - CHANGE BEHAVIOUR PATTERNS
- HUMANS ARE THE WEAK LINK

IMPORTANCE OF SECURITY AWARENESS
- FORMAL TRAINING AND EDUCATION ADDRESS KNOWLEDGE OF USERS
- ATTITUDE AND BEHAVIOUR CHANGES COME WITH UNDERSTANDING OF SECURITY RISKS
- CULTURAL CHANGE WRT INFORMATION SECURITY MUST BE ACHIEVED

SECURITY AWARENESS TRAINING
- SECURITY AWARENESS TRAINING SUCCESS DEPENDS ON EFFECTIVE PLANNING
- AWARENESS TRAINING PROGRAM EXTREMELY IMPORTANT
- MANAGEMENT APPROVAL MUST BE OBTAINED
- FOLLOW A LIFECYCLE TO ENSURE CONTINUOUS IMPROVEMENT

TYPICAL SECURITY AWARENESS TRAINING LIFECYCLE
- Threat assessment

CONTENT OF SECURITY AWARENESS TRAINING
- What are the threats?
- How to counteract identified threats
- Passwords (use, compilation, changing, secrecy)
- Preventing unauthorised access
- Malicious code/countermeasures
- ing
- Backup/DRPs
- Use and safeguarding of removable data media
- Use of “Freeware”
- Theft prevention
- Social engineering (dangers of social networks)

Questions?