Employee Security Awareness

Presentation on theme: "Employee Security Awareness"— Presentation transcript:

1 Employee Security Awareness
Tuesday, April 9, 2019 Louis Stramaglio IT Ops Supervisor

2 Are You Vulnerable?
What is the greatest vulnerability in your organization?
- Electronic Security Perimeter
- IT Network
- OT Network
- Permissions
- Physical Security

3 YES! Employees End users Clients Customers Contractors

4 Question Does your company have an Employee Security Awareness Program?

5 IT Security Program
- Understand and comply with company security policies and procedures
- Be appropriately trained in the rules of behavior for the systems and applications to which they have access
- Work with management to meet training needs
- Keep end users aware of actions they can take to better protect their company’s information

6 Security Program Contents
1. Security Policies
   - Designed to protect the data
   - Business needs
   - Known risks
2. Define responsibilities
   - Who is responsible
   - Staff responsibilities
   - IT/Security responsibilities
3. Establish Processes
   - Monitor the program
   - Review results
   - IRP (Incident Response Plan)

7 Question Do you believe your current Employee Security Awareness Program has Management Buy-in?

8 Management Buy-in Support Budget Reporting Feedback

9 What is Awareness? Not training Addresses concepts and behaviors
Terminology Informational

10 Best Asset/Biggest Vulnerability

11 Create the Awareness Plan
- Strategy and Plan
- Feedback from key groups
- Assess current materials
- Create a baseline
- Review current metrics
- Analysis of findings and recommendations
- Current trends
- Prioritize
- Schedule, but remain flexible
- Make it “So Number One”

12 Ransomware

13 We Are Done, Right? Awareness

14 We Are Done, Right? Awareness Training

15 Who Needs Training? Stay flexible End users IT Executives Everyone
Training everyone equally doesn’t always mean training everyone the same way. Stay flexible

16 Where Does Training Come From?
In-house LMS Outsource

17 NOW We Are Done, Right? Awareness Testing & Education Training

18 Why Test Me?
- Measure your success
- Report your success to management
- Remember, stay flexible
- Prioritize weak points, add new content
- Continue the cycle

19 Participant Challenge
- Obtain Management buy-in
- Create your awareness plan based on your IT Security Program
- Generate a security baseline and prioritize
- Train everyone
- Test everyone
- Stay flexible and prioritize

20 Lou Stramaglio IT Ops Supervisor

