INFORMATION SECURITY AWARENESS: Whose Job is it Anyway? Ron Freedman, Vice President, VCampus Corporation; Scott Wright, President.

Presentation transcript:

INFORMATION SECURITY AWARENESS: Whose Job is it Anyway?
Ron Freedman, Vice President, VCampus Corporation
Scott Wright, President, Network Security Solutions

Copyright 2002 VCampus Corporation

Information Security Awareness: Today’s Agenda
- What is Information Security?
- The Goals of an Information Security Program
- External Threats
- Internal Threats
- It's Everyone's Job
- The Role of Online Learning
- Demonstration
- Questions and Answers

What Is It?
First, a definition of “Information Security”
Then, we’ll talk about “Information Security Awareness”

A Traditional Definition
“The protection afforded to an information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).”
The NIST Handbook

Goals of Information Security
- Traditional CIA
  - Confidentiality
  - Integrity
  - Availability
- Add to that...
  - Accountability
  - Auditability
  - Nonrepudiation

Purpose of Security Awareness
- To create employee sensitivity to the threats and vulnerabilities of information systems
- To help employees recognize the need to protect data and information
- To help employees recognize that IT security is critical
- To set the stage for information security training

What Should Be Included
- Start with policies
  - Explain that your organization values information as a critical asset
  - Explain the threats to your information systems and why you created the company policies
- People tend to follow policies when they know the “why”

External Threats
- Hackers
- Viruses

Well Known Hacker Groups
- Cult of the Dead Cow
- 2600
- Defcon 9.0

Viruses
What is a virus… Just a program
- To be a virus, a program must:
  - Reproduce and infect
  - It can do almost anything it wants to do, but …
  - The bigger it gets, the easier it is to find.

Internal Threats
- Contractors
- Visitors
- Employees
- “ECP”

Coffee Break

It’s Everyone’s Job
- Management
- Technical Staff
- End Users

The Role of Online Learning
- Tailored content for various user communities
- Rapidly updated to address new threats
- Consistent message delivered to each audience
- Ability to measure achievement of learning objectives
- Tracking capability for compliance needs

Online Demonstration

What Can You Do?
- Perform a Risk Analysis
- Create and publish security policies
  - Your information security policies should include at least:
    - Password control and protection
    - Internet access
    - Virus prevention
- Start an Awareness Program

How Do I Learn More?
VCampus security courses include:
- Information Security Awareness
- Selecting a Good Password
- Internet Security
- Firewall Principles
- Secure Web Commerce
- PKI
- Workplace Security
- Air Travel Safety