Presentation on theme: "Why is this called “the ostrich effect”?"— Presentation transcript:

1 Why is this called “the ostrich effect”?
“In many companies the security of information rests precariously on the honesty, integrity and care of the staff, and nothing else.” Why is this called “the ostrich effect”? If you have read the module, you will be able to explain to the audience the relevance of the person who made this statement. M11, P15 – Are You Sufficiently Prepared to Meet the Threat?

2 A 2009 Ponemon Institute report revealed that over 50% of disaffected employees target company information as they prepare to depart. Might this happen in our company, or are we different because all of our employees are contented? How can we begin to address this problem by technical and non-technical means? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. M11, P42 – Sources and Motivations of Malicious Insiders

3 Could it happen here? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. It is an alternative to the one shown previously. How do we protect our databases? Are there any weaknesses in our approach? M11, P42 – Sources and Motivations of Malicious Insiders

4 Social engineering emails seek to get you to click on links in order to steal your private information. This message is designed to trick recipients into infecting the network. What awareness programmes do we have in place to reduce the risk of users clicking on infected links? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. If you know how, you could replace this with a phoney email from one well-known person to another. They are easy to create. M11, P37 – Social Engineering

5 What are these and where might you find one?
Is there a company procedure to check the connections on the back of our computers? You can reinforce the point that many such devices have been planted by cleaners and guards, they are left for a few days, and then removed by the perpetrator. If you go to the internet, you will find case studies of where they have been used. M11, P34 – Technical Surveillance

6 You can reinforce the point that
M11, P34 – Technical Surveillance

7 Which of these presents a better opportunity to today’s information thief?
The answer is obviously the right image. It takes effort to copy the documents on the left, but the unattended laptop can be “data-slurped” using a flash drive in under a minute. M11, P39 – Data Slurping

8 Company Information Security Policy Extract
“All user-chosen passwords must be difficult to guess. You must not use:
- Words in a dictionary, derivatives of userIDs, names of celebrities, obscene words, and common character sequences such as
- Personal details such as birthdays, spouse’s name, car licence plate, social security number or employee number, and birthday.
- Any part of speech. For example, proper names, geographical locations, common acronyms and slang.”
Company Information Security Policy, Section xyz

A key element of awareness is company policy, so your presentation should include this. Don’t try to present it all; just take selected extracts. The best passwords are those that include a mix of upper- and lowercase letters, numbers and non-alphanumeric characters.
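To make the policy extract concrete for the audience, here is an added example (not the company's own tooling or part of the original deck) of a password check that enforces the rules the slide lists: dictionary words, derivatives of the user ID, celebrity names, common character sequences, personal details, and the recommended mix of character classes. The word lists, the user ID `jsmith` and the personal details are constructed sample data; a real deployment would load full dictionaries and the company's banned-word list.

```python
import re
import string

# Constructed sample word lists (assumption: a real check would load full
# dictionaries, a celebrity list and the company's own banned-word list).
DICTIONARY_WORDS = {"password", "welcome", "summer", "london", "dragon"}
CELEBRITY_NAMES = {"beyonce", "madonna", "elvis", "rihanna"}
COMMON_SEQUENCES = ("123456", "qwerty", "abcdef", "111111", "asdfgh")

# Common "leet" substitutions folded back so P@ssw0rd is judged as "password".
_LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                       "4": "a", "5": "s", "7": "t", "!": "i"})


def _normalise(text: str) -> str:
    """Lowercase and undo leet substitutions for word-list comparisons."""
    return text.lower().translate(_LEET)


def _detail_tokens(detail: str):
    """Split a personal detail ('14/07/1984', 'Sarah Jones', 'AB12 CDE')
    into alphanumeric tokens of three or more characters."""
    return [t for t in re.findall(r"[a-z0-9]+", detail.lower()) if len(t) >= 3]


def check_password(password: str, user_id: str, personal_details=()) -> list[str]:
    """Return the list of policy rules the password breaks (empty = accepted)."""
    problems = []
    norm = _normalise(password)
    raw = password.lower()
    uid = user_id.lower()

    if any(word in norm for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    # Derivatives of the user ID: the ID itself, or the ID reversed.
    if uid and (uid in norm or uid[::-1] in norm):
        problems.append("derived from the user ID")
    if any(name in norm for name in CELEBRITY_NAMES):
        problems.append("contains a celebrity name")
    if any(seq in raw for seq in COMMON_SEQUENCES):
        problems.append("contains a common character sequence")
    # Personal details are matched on the raw password: a birthday year or a
    # number plate is digits, which leet folding would distort.
    if any(tok in raw for d in personal_details for tok in _detail_tokens(d)):
        problems.append("contains a personal detail")
    # The slide's recommendation: a mix of upper, lower, digits and symbols.
    classes = (any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password))
    if not all(classes):
        problems.append("needs a mix of upper- and lowercase letters, digits and symbols")
    return problems


if __name__ == "__main__":
    details = ["14/07/1984", "Sarah Jones", "AB12 CDE"]  # constructed sample
    for candidate in ["P@ssw0rd1", "htimsj#2024", "Sarah1984!", "Kx7!mQ2#vL"]:
        verdict = check_password(candidate, "jsmith", details)
        print(candidate, "->", "accepted" if not verdict else "; ".join(verdict))
```

The leet folding matters: without it, "P@ssw0rd1" passes a naive dictionary check while being one of the first guesses any cracking wordlist tries. Personal details are compared on the raw password because dates and number plates are digits, which the folding would distort.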

9 Company Information Security Policy Extract
“All identifying information about customers and staff, such as bank account details, credit card information, credit references, background checks, dates of birth, and postal addresses etc., must be accessible ONLY to those Company personnel who need such access in order to perform their jobs.”
Company Information Security Policy, Section xyz

An interactive way to introduce the meaning of the CIA Triad. To share such information with other parties, or to inadvertently or negligently disclose such, may put the Company in breach of data protection legislation.

10 Let’s go around the room and agree on an action point that each participant is going to take away today…. This is a different approach to Q&A. Q&A has a tendency to place the speaker as the expert and is less empowering of the audience. This approach is better at empowering the audience and it reinforces the key points.

