Presentation is loading. Please wait.

Presentation is loading. Please wait.

Success Strategies for Security Awareness Pamela Mitchell, MBA, MTM Secureworld Expo September 2011.

Similar presentations


Presentation on theme: "Success Strategies for Security Awareness Pamela Mitchell, MBA, MTM Secureworld Expo September 2011."— Presentation transcript:

1 Success Strategies for Security Awareness Pamela Mitchell, MBA, MTM Secureworld Expo September 2011

2 Agenda  Security is Top Priority  Employees Are Your Biggest Challenge  Success Strategies for Security Awareness  Top Ten Tips  Summary & Final Thoughts  Questions

3 Security is TOP Priority!  Everyone in the company has a security role and responsibilities to fulfill  Many security incidents are the result of lack of awareness and training  The threat from inside is real!  Regulatory requirements must be met

4 Employees Are Your Biggest Challenge  The Risk  Too Many Gullible Users  The Human Security Dilemma

5 Success Strategies (1 of 2)  Do Your Homework  Get It From The Top  Gather Your Allies  Watch Your Language  Streamline Communications

6 Success Strategies (2 of 2)  Think Fun  Tell It Like It Is  Sign Off On The Same Page  Walk Your Talk  Metrics

7 Top Ten Tips (1 of 2)  Identify a theme  Deliver the message early and often  Variety is the spice of (Security) Life  Use a tiered approach (Mgmt, IT, Users)  Get people to care about Security

8 Top Ten Tips (2 of 2)  Celebrate Security Awareness Month in October  Perform Quarterly Walkthroughs  Develop a Monthly Newsletter  Create a Top Ten List and display  Mandatory online interactive training once a year

9 End User Security Awareness Challenges Identifying a theme, craft a cohesive program and repeat, repeat, repeat Motivating users to take a personal interest in information security and convincing users to develop and maintain safer computer usage habits Delivering a consistent message about the importance of information security Giving end user security awareness a higher priority within organizations Developing materials that deliver a clear message about security topics on a regular basis in a variety of ways

10 Initiatives should be endorsed at the top with the message cascading throughout the organization Summary & Final Thoughts Security Awareness & Training Should Be Top Priority! Develop a comprehensive communication plan and deliver security information that users will view as being valuable to them personally and professionally Using multiple and appropriate communications, the message should be direct, concise and meaningful, and the call-to-action must be clear

11 Resources and References  State and Federal Government National Institute of Standards and Technology (NIST) Publication National Institute of Standards and Technology (NIST) Publication search.cfm?pub_id= search.cfm?pub_id= search.cfm?pub_id= search.cfm?pub_id= Department of Homeland Security, CyberSecurity Training Department of Homeland Security, CyberSecurity Training California Technology Agency, Office of Information Security California Technology Agency, Office of Information Security Multi-State Information Sharing and Analysis Center (MS-ISAC) Multi-State Information Sharing and Analysis Center (MS-ISAC)

12 Resources and References  Educational Institutions University of Tennessee University of Tennessee University of California, Santa Cruz University of California, Santa Cruz

13 Resources and References  Search Security  Vendors Microsoft, McAfee, Websense, Cisco, etc. Microsoft, McAfee, Websense, Cisco, etc.

14 QUESTIONS ???


Download ppt "Success Strategies for Security Awareness Pamela Mitchell, MBA, MTM Secureworld Expo September 2011."

Similar presentations


Ads by Google