Published by Crystal Flowers. Modified over 8 years ago.

Security Education, Training, and Awareness Programs
Jeff Summits

Overview
Importance of security programs
Three types of programs
* Security Education
* Security Training
* Security Awareness

Importance of SETA programs
To enhance security in three ways:
* by building in-depth knowledge to design, implement, or operate security programs
* by developing skills and knowledge so that users can perform their jobs more securely
* by improving awareness of the need to protect system resources

Importance of SETA programs
Benefits of the programs
* Can improve employee behavior
* Enable the organization to hold employees accountable for their actions.

Security Education
Many organizations encourage their employees to seek proper formal education as a method to learn more about their role within the company
Different sources of education
* Colleges and Universities
* Private companies that specialize in security education
* Government agencies

Security Education
* National Security Agency
* National Institute of Standards and Technology
* Virginia Alliance for Security Computing and Networking

Security Education
“An educational system that cultivates an appropriate knowledge of computer security will increase the likelihood that the next generation of IT workers will have the background needed to design and develop systems that are engineered to be reliable and secure”
~Integrating Security into the Curriculum

Security Training
Providing members of the organization with detailed information and hands-on instruction
Training can either be:
* In-house training
* Outsourced formal training
Good, quality training methods are vital to the prosperity, development, and security of an organization

Security Training
In-house training methods can include:
* One-on-One: a trainer works with each trainee
* Formal Class: a single trainer teaches multiple trainees in a formal setting
* Computer-Based: prepackaged software that provides training
* Distance Seminars: trainees receive a seminar presentation at their computer

Security Training cont.
* On-the-Job: trainees learn the specifics of their jobs while working
* Self-Study: trainees study their material on their own

Security Training
* SysAdmin, Audit, Network, Security (SANS)
* CSI
* Information Systems Security Association (ISSA)
These organizations teach security training in a number of ways. They conduct conferences, meetings, and seminars. They also create monthly journals and online newsletters.

Security Training
“Training criteria are established according to trainees’ role(s) within their organizations, and are measured by their on-the-job performance. This emphasis on roles and results, rather than on fixed content, gives the Training Requirements flexibility, adaptability, and longevity… Organizations cannot protect the integrity, confidentiality, and availability of information in today’s highly networked system environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them”

Security Awareness
* Most effective security method
* Keeps information security at the forefront of users’ minds on a daily basis
* Serves to instill a sense of responsibility and purpose in employees
* Reminds users of the procedures to be followed
* Designed to modify any employee behavior that endangers the security of sensitive information

Security Awareness
The Ten Commandments of Security Awareness
* Information security is a people issue
* Speak their language so they can understand
* They must see it to learn it
* Define at least one key learning objective
* Keep things light and add some humor
* Don’t overload the users
* Help users understand their roles
* Take advantage of in-house communication
* Make the awareness program formal
* Provide good information early and be timely

Security Awareness
Many security awareness components are available at low cost, or virtually no cost at all
Awareness components can include:
* Videos
* Posters and banners
* Computer-based training
* Newsletters
* Brochures and flyers
* Trinkets (coffee cups, pens and pencils, T-shirts)
* Bulletin boards

Conclusion
* Education, Training, and Awareness Programs are essential components to keeping an organization’s information assets secure, and are also important for the longevity of the organization.

Any questions?