1
Security Awareness in the Enterprise
Jacob D. Furst
Jean-Philippe Labruyere
22 March 2006
2
Four Levels of the Enterprise
End users
Technical and security staff
 –Technical
 –Audit
 –Compliance
Management
“The Boardroom”
What did we miss?
3
End Users
Regular “security awareness lunches”
Security policy agreements
 –Human Resources
 –Legal
Email campaigns
Mock attacks
Create a culture of security awareness
What do you do?
4
Security Lunches
Security brown bags
Regularly scheduled seminars
Invited speakers
5
Security Policy
Make time for employees to read
Expect end-users to read
Have them sign it initially and annually (maybe as part of annual benefit enrollment)
Make policies readable and consistent with organizational culture
Make enforcement explicit
Keep this alive – if policy changes, start from the top
6
Email Campaigns
An email a day keeps the hacker away
Use other common venues
 –Bulletin boards
 –Paychecks
 –Intranet log-on
Don’t spam – overexposure can be counter-productive
7
Mock Attacks
Ask all employees to send current information over email…
Send email from manager with suspicious attachment…
Send email from well known (and liked) employee with suspicious link…
8
Culture of Security Awareness
Make security explicit
Reward good security habits
Lead by example
 –Yourself
 –Your boss
 –Solicit help from end-users themselves
9
Technical and Security Staff
Regular presentations
 –Increase awareness with end users
 –Makes staff accessible
Make reporting incidents easy
Technical training
Compliance training
Education
How else to increase their expertise?
10
Presentations
Get your security people to mix
 –With end-users
 –With project planners
 –With management
If employees know who the security people are, they are already buying in
11
Make Reporting Easy
Starts with security policy
Provide multiple avenues
 –Paper
 –Verbal
 –Email
 –Internet
 –Anonymous
Recognize effective use of reporting
12
Technical Training
Plethora of certifications
Encourage membership in professional societies
Recommend readings from journals, newspapers, the web
Expect it and recognize it
13
Compliance Training
These people will likely implement it, so they need to understand it
Can your legal department handle it?
Are there opportunities to outsource?
Do you trust them?
14
Education
Big investment
Use as a reward
Strategic decision to empower long-term thinking about security
15
Management
Compliance training
Legal and technical seminars
Incorporate security in business processes
Instill a culture of information security ethics
What more can you do?
16
Compliance Training
Can you do this in house?
Who are the recognized and respected names in your business?
How does compliance impact business processes with respect to security?
17
Legal and Technical Seminars
May be done in-house
 –Legal department
 –Security personnel
Many opportunities for outsourcing
Expect it of managers and recognize them for doing it
18
Incorporate Security
Security as a band-aid will fall off in the shower
A “non-functional” requirement, but a requirement nonetheless
Work with project managers to make security part of the project
19
Instill a Culture of Ethics
“Do what I say, not what I do” just won’t work
Most difficult part of being a leader – you must live the result you want
Ethics is the only thing that separates the white hats from the black hats
Ethics can be taught!
20
The Boardroom
What can you do?
21
The Boardroom
Money talks
Find a champion
Get them involved
Make legal implications explicit
Organizational culture is defined here
22
Money Talks
Risk assessment
Security must pay for itself
Security is a recurring budget item, not an expense
“Amortizing” the cost of security may help
23
Find a Champion
Is anyone in upper management a technophile? Security savvy? Forward thinking?
Find this person and groom…
24
Get Them Involved
Look for ways to get upper level management involved in security
Have them send the “suspicious” email
Have them recognize good security efforts
Solicit feedback on policies
25
Legal Implications
International, national, state, and municipal laws
Standards of conduct
Reasonable expectations of care
Consequences of non-compliance