Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division.

Published byJared Joseph Modified over 9 years ago

Similar presentations

Presentation on theme: "The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division."— Presentation transcript:

1 The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division

2 2 Agenda  Establishing the Need  Common pitfalls  Planning  Delivery  Evaluation and Metrics

3 3 Corporate overview  Governance, Risk and Compliance (GRC) specialists for more than 16 years  Focus on improving staff awareness, knowledge and understanding  Providers of:  Information newsfeeds and alerts  Learning content and services  Risk management and auditing systems  Part of SAI Global, ASX quoted, c950 employees  Offices in Europe, North America and Australasia  Global client base – specialists in large scale, international deployments  4,000,000+ end users, resources in 20+ languages

4 4 Establishing the Need “Most security breaches occur at ground floor level, through employees making errors or inadvertently revealing information. It is ironic therefore that so many organizations do not have a comprehensive awareness program in place... perhaps missing the obvious and focusing upon the rather more stimulating high-tech threat instead.” ISO 17799 News

5 5 Establishing the Need Deloitte 2007 Global Security Survey ‘79 percent of participants cite the human factor as the root cause of information security failures’ CSI Computer Crime and Security Survey 2007 ‘The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year’ ENISA: IS Awareness Initiatives – Current practice and the measurements of success 2007 ‘… information security is seen as a high or very high priority in four fifths of respondents.’ ‘War stories’

6 6 Common pitfalls  Lack of senior management support  Adopting a ‘one size fits all’ approach – mismatch between content and target audience  Not connecting the program to a Needs Assessment  Objectives and outcomes poorly defined  Training ‘fatigue’  Poor communication and planning  Developing a limited program based on specific budget target (not the one you want)  Lack of in-house expertise – not involving other experts  Assuming it’s a one-time initiative – not an ongoing process  Lack of evaluation and measurement  BORING…! Lack of engaging and relevant content

7 7 Planning  Needs assessment

8 8 Planning Needs Assessment  WHO gets the training  WHAT training they get  HOW the training is delivered  WHERE the training takes place  WHEN the training takes place  Over the short, medium and long term  Aligned with corporate goals and objectives  Clear business case for all elements  Clearly defined measurement criteria - benchmarking

9 9 Planning  Needs assessment  Identify audience – not a ‘one size fits all’ approach

10 10 Planning Identify audience  Full time/Part time?  New hires, trainees?  Senior management or management-role?  Specific departments or job ‘families’ (e.g. HR, IT, Security)?  Based on job or role (e.g. employees handling large amounts of data, remote workers)?  Specific technology users (e.g. employees with laptops)?  Specific location (e.g. country or region, manufacturing site, branch offices)?  PLUS customers, suppliers?

11 11 Planning  Needs assessment  Identify audience – not a ‘one size fits all’ approach  Set objectives and timescales  Collaborate  Communicate and market  What’s available?  Establish the team – identify project owner  Identify resource and budget needs  Express funding needs  Assign a Program Manager

12 12 Delivery Develop course content  Core training  Senior management training

13 13 Delivery Core training – to include content for senior managers  E-learning for IT users  Reduced delivery costs  Reduced training time  Flexibility and convenience  Engaging and interactive  Self-paced and non-threatening  Consistent content and delivery  Ease of updating  Accurate measurement and control  Tailored content – ‘off-the-shelf’ or bespoke  Workshops  PowerPoints  Handouts  Trainers Notes  ‘Train the Trainer’ sessions

14 14 Delivery E-learning – engaging content

15 15 Delivery Develop course content  Core training  Senior management training  New starter training  Refresher training  Specialist training  Assessment testing

16 16 Delivery Assessment testing

17 17 Delivery Develop course content  Core training  Senior management training  New starter training  Refresher training  Specialist training  Assessment testing  Ongoing awareness activity

18 18 Delivery Ongoing awareness activity Interactive e-mails Marketing materials Posters Newsletters Cartoons Giveaways Video ‘Moments’

19 19 Delivery  Develop course content  Confirm technology requirements and test  Establish tracking and reporting criteria  Plan and communicate implementation timetable  Schedule launch and pre-launch activity  Ensure clear ownership of project  Analyse effectiveness of training using metrics

20 20 Evaluation and metrics  Benchmarking prior to training  Completion rates (against previous training?)  Total target audience  By sector  By job role  Three further levels  Reaction level – measuring ‘attitudes’ i.e. through evaluation questionnaires, structured interviews etc  Immediate level – measuring users’ ‘knowledge’ i.e. through pre- and post-training assessment tests  Functional level – measuring ‘behavioural’ change i.e. through observation of business processes and indicators, i.e. helpdesk calls, security breaches and incidents  Return on investment

21 The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division

Download ppt "The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division."

Similar presentations

Www.theiia.org External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.

External Quality Assessments Frequently Occurring Findings Observed by The IIA QA Teams.
Five -Year Strategic Title I School Plan. Session Objectives Review the five year components utilizing the rubric Organize actions steps to meet the requirements.

Five -Year Strategic Title I School Plan. Session Objectives Review the five year components utilizing the rubric Organize actions steps to meet the requirements.
DaZee Hotels (Management & Allied Services)

DaZee Hotels (Management & Allied Services)
UMC for Consulting & Services. UMC UMC for Consulting & Services UMC Profile UMC Profile UMC Range of Consulting Services UMC Range of Consulting Services.

UMC for Consulting & Services. UMC UMC for Consulting & Services UMC Profile UMC Profile UMC Range of Consulting Services UMC Range of Consulting Services.
Strategic Value of the HR Function Presentation by

Strategic Value of the HR Function Presentation by
HR Manager – HR Business Partners Role Description

HR Manager – HR Business Partners Role Description
Vocational Rehabilitation QUEST BRAIN INJURY SERVICES Fleur Colohan Vocational Instructor Elaine Armstrong Head of Brain Injury Services.

Vocational Rehabilitation QUEST BRAIN INJURY SERVICES Fleur Colohan Vocational Instructor Elaine Armstrong Head of Brain Injury Services.
Presentation and discussion April 15, 2013

Presentation and discussion April 15, 2013
THE WORLD BANK Lessons Learned during the use of Global Investment Promotion Benchmarking in Indonesia March 28, 2011 Greg A. Elms Senior Private Sector.

THE WORLD BANK Lessons Learned during the use of Global Investment Promotion Benchmarking in Indonesia March 28, 2011 Greg A. Elms Senior Private Sector.
Return On Investment Integrated Monitoring and Evaluation Framework.

Return On Investment Integrated Monitoring and Evaluation Framework.
Lecture 11 Information Systems Training (Chapter 11)

Lecture 11 Information Systems Training (Chapter 11)
The Analyst as a Project Manager

The Analyst as a Project Manager
PHAB's Approach to Internal and External Evaluation Jessica Kronstadt | Director of Research and Evaluation | November 18, 2014 APHA 2014 Annual Meeting.

PHAB's Approach to Internal and External Evaluation Jessica Kronstadt | Director of Research and Evaluation | November 18, 2014 APHA 2014 Annual Meeting.
Unit Slides by UK Versity.  Unit aims:  This unit aims to help the learner with an opportunity to develop their project management and research skills.

Unit Slides by UK Versity.  Unit aims:  This unit aims to help the learner with an opportunity to develop their project management and research skills.
Training Programme – Introduction Training Programme – Introduction Estimated cost of a three year assignment = $ 1 MILLION (Source: Brewster 2001) Done.

Training Programme – Introduction Training Programme – Introduction Estimated cost of a three year assignment = $ 1 MILLION (Source: Brewster 2001) Done.
Family Outreach and Response Program Strategic Plan 2012 - 2014 September 26 th, 2012.

Family Outreach and Response Program Strategic Plan September 26 th, 2012.
LMS AND ELEARNING IWA HR SIG THURSDAY 14 NOVEMBER 2013.

LMS AND ELEARNING IWA HR SIG THURSDAY 14 NOVEMBER 2013.
SCC EHR Workshop for Contractors: Implementation Considerations May 25, 2011.

SCC EHR Workshop for Contractors: Implementation Considerations May 25, 2011.
Chapter 2 Strategic Training

Chapter 2 Strategic Training
Training Programme – Introduction Training Programme – Introduction Estimated cost of a three year assignment = $ 1 MILLION (Source: Brewster 2001) Done.

Training Programme – Introduction Training Programme – Introduction Estimated cost of a three year assignment = $ 1 MILLION (Source: Brewster 2001) Done.

Similar presentations

Ads by Google