
1 The Streetwise Security Zone Presents
Turning Swiss Cheese Into Hard Candy: Justifying Security Awareness Training
Scott Wright, The Streetwise Security Coach
http://www.streetwise-security-zone.com

2 Why Swiss Cheese?
(Diagram labels: Threats!, Workflows)
Copyright 2009. Scott Wright. All rights reserved. http://www.streetwise-security-zone.com

3 Cases of Security Awareness Failure
Spouse installs music sharing software on company laptop, exposing 17,000 employees' personal data on the Web

4 Cases of Security Awareness Failure
Downadup virus hits PCs at five Sheffield hospitals
"The virus has now been contained and our IT team have been working very closely with external antivirus specialists to update PCs and remove the last remnants of the virus from the network to limit the chances of a repeat infection. The automatic Microsoft update process had been temporarily disabled following problems with some PCs providing supporting information in theatres.
"This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres." (ZDNet.co.uk, January 22, 2009)
The Conficker (aka Downadup, Kido) worm has infected 8-12 million computers globally*, creating a large botnet, through a combination of:
a) Poor password choices
b) USB flash drive infections
c) Windows computers not being updated with Microsoft's security patches
*United Press International, January 26, 2009

5 Cases of Security Awareness Failure
Restaurant + IT Staff Lunch + New Employee + Blogger Sitting Nearby = …
"This new job is challenging… We have so many systems. How do you manage it?"
"Easy! The only password you need to remember is Password1… We use it everywhere."

6 Why Do You Need to Take Action?
You (or your clients) could be a click away from disaster…
- Poor employee risk decisions cause over 80% of data breaches (Ponemon Institute: http://www.encryptionreports.com/)
- 60% of individuals FAILED a simple test of information security risk decisions (The Honey Stick Project: http://www.honeystickproject.com)

7 What is Security Awareness?
- Ability to recognize risks
- Ability to make decisions that reduce risk, regardless of technology or other safeguards
- Meeting job requirements and organization's objectives
  - Securely and efficiently!
"Empowerment – When employees do the right things… At the right time, for right reasons, when nobody is watching!" Michael Santarcangelo, The Security Catalyst
(Cartoon caption: "Something doesn't look quite right…")

8 Facebook - Good or Bad?
- Explosive growth in use for marketing and networking
- Increased exposure (one way or another!)
Facebook Risks
- Almost half of new profiles are not real
  - Don't accept invitations from strangers (link whoring)
- Increasing use of Bots for invitations and attacks
  - Be suspicious of friends' recommendations
- Trust is easily exploitable
  - Verify information before acting
- Links are easy to obscure with tinyurl.com
  - Be suspicious of abnormal links
  - Use plugins that expand links (e.g. Longurl in Firefox)

9 A Few More Facebook Risks and Tips
- Corporate espionage is easy and growing
  - Change privacy settings to Friends Only
- Third-party applications can be malicious or leaky
  - Only accept applications from reputable sources
- Facebook is a big target
  - Large repository of personal information
  - Big risk to ANY info within it, despite policies or settings
  - Don't post anything you wouldn't want to see in the newspapers!
See Tom Eston's Guide to Facebook Privacy and Security: http://www.spylogic.net
Streetwise Security Zone Podcast - Episode 3

10 If you were targeting a company...
NOTE TO PRESENTER USING THIS SLIDE DECK…
For a live Facebook demo from within your own Facebook profile…
- Go to Facebook main page
- Search for a company in your local geographical area (same city as in your profile)
- Enter along with or or or or
- i.e. Search for: IBM strategic, IBM research, etc.

11 What's the worst case of personal use causing business risk?
(Cartoon dialogue)
"Срочно! Слишком низко!"
Translation: Urgent! You are too low! Pull up!
"Roger that... Looks like I shouldn't have accepted that Facebook invitation from that Russian lady. Right Jim?"
"Any idea what she's saying?"

12 Facebook Settings

13 Who Needs Security Awareness Most?
- General staff
  - On the front lines, the first place attackers go
  - Handles large volumes of information
- Executives
  - Often feel they are immune to operational rules
  - Often carry or discuss valuable information
- IT Staff
  - Also feel they are immune
  - Need valuable information to get their jobs done
- R&D Staff
  - Has key intellectual property – very high value to the organization
  - Responsible for building in safeguards
Everybody Needs It!

14 Handling information more securely in your job…
For Executives, Management, Administrators, R&D Staff, or IT Staff – The Streetwise Security Awareness Technique (SWAT) uses the same approach for all jobs… But, the safeguards are tailored in each step…
1. Be prepared with basic best practices
2. Identify your trusted sources of guidance
3. Identify your information context
4. Control information in your context
5. Collaborate for security and efficiency

15 The SWAT Basic Information Security Awareness Guidelines
1. Take responsibility for software being up-to-date
2. Use only authorized hardware or software
3. Use multiple, strong passwords
4. Know your security software logo and alerts
5. Do regular backups of your work, and test them
6. Encrypt sensitive files before leaving the office
7. Challenge strangers, or anything odd
8. Lock up sensitive assets and information before leaving them
9. Be suspicious (i.e. don't click on untrusted/unexpected links or attachments)
10. Report incidents to management or the helpdesk

16 What about the Swiss Cheese?…
(Diagram labels: Threats!; Less Rework; Better Quality and Compliance; Fewer Legal Issues; Better Productivity; Happier Customers; Better Industry Image; Happier Employees)

17 To Hard Candy… and more
(Diagram labels: Less Rework; Better Quality and Compliance; Fewer Legal Issues; Better Productivity; Happier Customers; Better Industry Image; Happier Employees)

18 Summary
- Security relies on technology, human decisions and empowerment
- Everybody needs security awareness – weakest link is limiting factor
- Spin-off benefits – improved productivity, quality, customer satisfaction, leadership, and more…

19 Quiz on Security Awareness
1) Approximately what percentage of data breaches are caused, in some way, by poor employee risk decisions?
   (a) 10% (b) 40% (c) 70% (d) 80%
2) What do Phishers and Identity Thieves look for in Facebook profiles?
   (a) Employer names (b) Favorite color (c) Privacy settings
3) Should your organization be more like Swiss Cheese or Hard Candy? Which one does it resemble right now?

20 Let's work together!
Scott Wright - The Streetwise Security Coach
Contact: scott@streetwise-security-zone.com
Sales Resources: http://www.streetwise-security-zone.com/training-sales.html
- Slide decks, sales letters and other tips over time
The Streetwise Security Zone website: http://www.streetwise-security-zone.com
- FREE weekly tips email newsletter on home page
- Currently free FULL membership (during promotion)
- Podcasts, tweets, articles, forums
The Honey Stick Project - Measuring risk decisions: http://www.honeystickproject.com

