Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003.

Published byNicholas Holt Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003."— Presentation transcript:

1 Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003

2 Security Awareness Agenda Introduction Obstacles Risk Weakest Link Hot Spots / Your Response? Communication Tools Incentives Steelcase & Security Awareness Tenundra & Security Awareness Summary

3 Introduction Security: Technology, Process, Policy, Culture Culture: Specific human factors that weaken security Goal: Facilitate changing current culture through security awareness so that each day, every one of us demonstrates a proactive role in protecting intellectual assets from falling into the wrong hands

4 Obstacles Culture / Attitude 1.Not Important “I’ve never been burned.” 2.Someone else's job “Security is not my job.” 3.Lack of participation “I don’t have time.” 4.Reactive vs. Proactive Most common approach. Resources 1.People, Time, Money 2.Priorities

5 RISK The risk of an information security breach increases significantly if: 1.Your organization is involved in a highly competitive business climate 2.Your organization has terminated an employee that holds a grudge 3.Your organization has wanted resources. E.g.. Information, Equipment, Bandwidth 4.Your organization has individuals that lack security awareness and best practices

6 The Weakest Link Security’s weakest link is people “Nearly two-thirds of reported security breaches are primarily the result of human error.” - The Computing Technology Industry Association Most people are not aware that they have personal responsibilities for security

7 Hot Spots Storage & Transfer of Information Email Passwords Portable Computers Social Engineering Telephone Voicemail Wireless Computing Anti-Virus Personal Firewall Physical Access

8 How do you handle it? Password resets? Dial in access? Lost badges? Terminated users? Network shares? Public drives? Notebook PC confidential data? Web Access?

9 Tenundra – Security Awareness Intranet postings Email alerts PC and profile lockdowns Password Awareness talks and demos Key Card entry data logs Pinkerton / Securitos guards Logon Banners

10 Steelcase – Security Awareness Posters Table Toppers Email Newswire IT Security Website Storyboard Presentations GITA Standards Financial Policies

11 Communication Tools Security Website Email / Bulletin Board Notices Newsletters / Company wide Posters / Table Toppers Internal Audit / Security Reviews Presentations / In Person Sign-on Screen messages Annual Test at Network Login Screen Savers Training – online & classroom Video – tape & web clips

12 “WHEN CIO’S LET employees use screen savers to display family photos or their kids' artwork, they're missing a valuable chance to spread the word about important security issues.” CIO Magazine - July 15, 2003 http://www.cio.com/archive/061503/tl_security.html

13

14 YOUR ORGANIZATION NAME AND LOGO HERE Forget something? During our spot check, your work space was lacking some security measures The following tips will help you continue to protect our information and technology assets: (checked items were incorrect) __ Use a password-protected screen saver __ Log off and shut down your PC at the end of the day __ Lock your PC in a desk or with a security cable __ Secure sensitive papers, data files, or software __ Don’t post your password where others can find it __ Lock your office door at the end of the day For more security related information, please refer to (your organization’s security standards or other documents). If you have information or questions about any security related issues, please contact (contact info). Security Incident Hotline 1-234-567-8900 YOUR ORGANIZATION NAME AND LOGO HERE Good Job! During our spot check, your work space appeared to be secure The following tips will help you continue to protect our information and technology assets:  Use a password-protected screen saver  Log off and shut down your PC at the end of the day  Lock your PC in a desk or with a security cable  Secure sensitive papers, data files, or software  Don’t post your password where others can find it  Lock your office door at the end of the day For more security related information, please refer to (your organization’s security standards or other documents). If you have information or questions about any security related issues, please contact (contact info). Security Incident Hotline 1-234-567-8900

15

16 Incentives Rewards for: Reporting suspicious activity Positive Inspections and Audit results Attending presentations Taking and passing a security awareness test

17 Summary Who is responsible for security? Security awareness helps minimize the cost of incidents. Remember… Hot Spots Communication Tools Incentives

18 Resources Good site with tips is http://www.securityawareness.com http://www.securityawareness.com SANS Reading Room – 19 Papers http://www.sans.org/rr http://www.sans.org/rr The ISSA Journal - July 2003 “Cost Effective Security Awareness” http://www.issa.org

19 QUESTIONS & DISCUSSION

Download ppt "Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003."

Similar presentations

A Parent’s Guide to School Communication

A Parent’s Guide to School Communication
HIPAA Security.

HIPAA Security.
Classroom Expectations Computer Applications I Computer Applications II (Dual Credit) Multimedia Arts Personal Finance Mrs. Ross.

Classroom Expectations Computer Applications I Computer Applications II (Dual Credit) Multimedia Arts Personal Finance Mrs. Ross.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Information Security Awareness Training

Information Security Awareness Training
The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.

The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.
Perimeter Church Perimeter Network Introduction 2005.

Perimeter Church Perimeter Network Introduction 2005.
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
Lecture 16 Secure Social Networking. Overview What is Social Networking? The Good, the Bad and the Ugly How to protect yourself How to protect your children.

Lecture 16 Secure Social Networking. Overview What is Social Networking? The Good, the Bad and the Ugly How to protect yourself How to protect your children.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
Company LOGO Internet Safety A Community Approach.

Company LOGO Internet Safety A Community Approach.
10 Essential Security Measures PA Turnpike Commission.

10 Essential Security Measures PA Turnpike Commission.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1

Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1

Similar presentations

Ads by Google