Download presentation
Presentation is loading. Please wait.
Published byNicholas Holt Modified over 9 years ago
1
Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003
2
Security Awareness Agenda Introduction Obstacles Risk Weakest Link Hot Spots / Your Response? Communication Tools Incentives Steelcase & Security Awareness Tenundra & Security Awareness Summary
3
Introduction Security: Technology, Process, Policy, Culture Culture: Specific human factors that weaken security Goal: Facilitate changing current culture through security awareness so that each day, every one of us demonstrates a proactive role in protecting intellectual assets from falling into the wrong hands
4
Obstacles Culture / Attitude 1.Not Important “I’ve never been burned.” 2.Someone else's job “Security is not my job.” 3.Lack of participation “I don’t have time.” 4.Reactive vs. Proactive Most common approach. Resources 1.People, Time, Money 2.Priorities
5
RISK The risk of an information security breach increases significantly if: 1.Your organization is involved in a highly competitive business climate 2.Your organization has terminated an employee that holds a grudge 3.Your organization has wanted resources. E.g.. Information, Equipment, Bandwidth 4.Your organization has individuals that lack security awareness and best practices
6
The Weakest Link Security’s weakest link is people “Nearly two-thirds of reported security breaches are primarily the result of human error.” - The Computing Technology Industry Association Most people are not aware that they have personal responsibilities for security
7
Hot Spots Storage & Transfer of Information Email Passwords Portable Computers Social Engineering Telephone Voicemail Wireless Computing Anti-Virus Personal Firewall Physical Access
8
How do you handle it? Password resets? Dial in access? Lost badges? Terminated users? Network shares? Public drives? Notebook PC confidential data? Web Access?
9
Tenundra – Security Awareness Intranet postings Email alerts PC and profile lockdowns Password Awareness talks and demos Key Card entry data logs Pinkerton / Securitos guards Logon Banners
10
Steelcase – Security Awareness Posters Table Toppers Email Newswire IT Security Website Storyboard Presentations GITA Standards Financial Policies
11
Communication Tools Security Website Email / Bulletin Board Notices Newsletters / Company wide Posters / Table Toppers Internal Audit / Security Reviews Presentations / In Person Sign-on Screen messages Annual Test at Network Login Screen Savers Training – online & classroom Video – tape & web clips
12
“WHEN CIO’S LET employees use screen savers to display family photos or their kids' artwork, they're missing a valuable chance to spread the word about important security issues.” CIO Magazine - July 15, 2003 http://www.cio.com/archive/061503/tl_security.html
14
YOUR ORGANIZATION NAME AND LOGO HERE Forget something? During our spot check, your work space was lacking some security measures The following tips will help you continue to protect our information and technology assets: (checked items were incorrect) __ Use a password-protected screen saver __ Log off and shut down your PC at the end of the day __ Lock your PC in a desk or with a security cable __ Secure sensitive papers, data files, or software __ Don’t post your password where others can find it __ Lock your office door at the end of the day For more security related information, please refer to (your organization’s security standards or other documents). If you have information or questions about any security related issues, please contact (contact info). Security Incident Hotline 1-234-567-8900 YOUR ORGANIZATION NAME AND LOGO HERE Good Job! During our spot check, your work space appeared to be secure The following tips will help you continue to protect our information and technology assets: Use a password-protected screen saver Log off and shut down your PC at the end of the day Lock your PC in a desk or with a security cable Secure sensitive papers, data files, or software Don’t post your password where others can find it Lock your office door at the end of the day For more security related information, please refer to (your organization’s security standards or other documents). If you have information or questions about any security related issues, please contact (contact info). Security Incident Hotline 1-234-567-8900
16
Incentives Rewards for: Reporting suspicious activity Positive Inspections and Audit results Attending presentations Taking and passing a security awareness test
17
Summary Who is responsible for security? Security awareness helps minimize the cost of incidents. Remember… Hot Spots Communication Tools Incentives
18
Resources Good site with tips is http://www.securityawareness.com http://www.securityawareness.com SANS Reading Room – 19 Papers http://www.sans.org/rr http://www.sans.org/rr The ISSA Journal - July 2003 “Cost Effective Security Awareness” http://www.issa.org
19
QUESTIONS & DISCUSSION
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.