2. ORGANISATIONAL CULTURE ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY FAILING TO PLAN, IS PLANNING TO FAIL ASPECTS THAT SHOULD BE ADRESSED DURING SECURITY AWARENESS TRAINING QUESTIONS ? SCOPE

3. TO DEMONSTRATE THE IMPORTANCE OF SECURITY AWARENESS IN ENHANCING THE SECURITY MATURITY OF USERS AIM

4. ORGANISATIONAL CULTURE DETERMINES IMPORTANCE OF INFORMATION SECURITY ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY: ENHANCE SECURITY KNOWLEDGE OF USERS CHANGE ATTITUDE TOWARDS SECURITY CHANGE BEHAVIOUR PATTERNS HUMANS ARE THE WEAK LINK IMPORTANCE OF SECURITY AWARENESS

5. FORMAL TRAINING AND EDUCATION ADDRESS KNOWLEDGE OF USERS ATTITUDE AND BEHAVIOUR CHANGES COME WITH UNDERSTANDING OF SECURITY RISKS CULTURAL CHANGE WRT INFORMATION SECURITY MUST BE ACHIEVED IMPORTANCE OF SECURITY AWARENESS

6. SECURITY AWARENESS TRAINING SECURITY AWARENESS TRAINING SUCCESS DEPENDS ON EFFECTIVE PLANNING. AWARENESS TRAINING PROGRAM EXTREMELY IMPORTANT MANAGEMENT APPROVAL MUST BE OBTAINED FOLLOW A LIFECYCLE TO ENSURE CONTINUOUS IMPROVEMENT

7. TYPICAL SECURITY AWARENESS TRAINING LIFECYCLE Threat assessment

8. What are the threats ? How to counteract identified threats Passwords (use, compilation, changing, secrecy) Preventing unauthorised access Malicious code/countermeasures E-mailing Backup/DRPs Use and safeguarding of removable data media Use of “Freeware” Theft prevention Social engineering (dangers of social networks) CONTENT OF SECURITY AWARENESS TRAINING

9. Questions ??