
Security Awareness 101

chace

Presentation Transcript


    1. Security Awareness 101
       11th Annual New York State Cyber Security Conference

    2. Objectives
       - Security Awareness
       - Security Program
       - Resources Available
       - Training

       Incorporate security practices into the SDLC. Overlaps and iterations: security becomes a quality checkpoint, therefore you need to skip back to previous phases.

    3. Information Security Professionals
       - Who is in charge of a Security Program?
       - Who has a Security Program budget?
       - Looking for low- to no-cost solutions to Security Awareness?
       - What is everyone's level of experience with IT Security?
         - 0 to 3 years
         - 3 to 5 years
         - 5 to 10 years
         - More than 10 years

    4. Information Assurance
       - CIA: we all know it
       - Weakest link
       - Understanding Security Awareness
       - Incidents are going to happen
       - Many laws and regulations require Security Awareness Training

       CIA: we all know it. It's the cornerstone, but not the focus of why we are here to talk. Without awareness, IA becomes very difficult, if not impossible. Incidents are going to happen; you must do a proper post mortem and learn from them, or you are doomed to repeat them. FISMA and others require training (OMB Circular A-123, Management Accountability and Control, 1995; Government Information Security Reform Act (GISRA), October 2000).

    5. How will this help my Security Program?
       - Business knowledge
       - The security marketplace
       - Cost benefits
       - Personal challenges
       - Understand the focus and the hype
       - Speak with authority about the concepts and trends
       - Understand, and be able to map, how security fits your needs

    6. Security Awareness
       - What is it?
       - What do you have?
       - What is your existing plan?
       - How do I map it for success?
       - Why do you focus on it?
       - How do I train the people who don't have the time?
       - What about the people who don't know what security is?

    7. Security Awareness
       - I am one person
       - I have one other person
       - I have a team

       What do you focus on?
       - Cyber Security?
       - Incident Response?
       - Security Operations?
       - Forensics / Electronic Records?
       - Business Continuity / Disaster Recovery?
       - Network Security?

    8. Security Awareness (continued)
       - It's a campaign
       - You constantly have to train on it
       - You must be the voice
       - Start with the basics
         - Locking your laptop
         - Where do you leave your laptop
       - Make it interesting
       - Make it fun
       - October is Cyber Security Month

    9. Start Small, Build to Big
       - Passwords
       - Email links
       - Anti-virus software
       - Security cables
       - Passphrases
       - Locked doors
       - Secured rooms
       - Biometrics
       - Hardened O/S

    10. Current Threats
        - Advanced Persistent Threat (APT)
        - Cloud Security
        - Mobile Security
        - Application Vulnerabilities
        - Attacks: viruses, worms, Trojans, etc.
        - Spear Phishing

    11. Security Program
        - Policies
        - Procedures
        - Staffing
        - Modules
        - Incident Response / Management / Recovery
        - Risk Assessments
        - Post Mortem / After Action
        - Training / Skills / Certifications
        - Public Relations

    12. Resources Available
        - NIST 800-50 and others
        - Microsoft
        - (ISC)2
        - TechRepublic
        - NIMS / ICS
        - HSEEP
        - MS-ISAC
        - Incident Response
        - Creating your own Dashboard

    13. Security Training
        - Awareness builds to training, which evolves into education
        - Professional Certifications
        - Organizations
        - RSS Feeds
        - Implementation
        - Audience
        - Message

    14. Security Training (continued)
        - Who conducts the training?
        - What do I focus on?
        - How do I deliver a meaningful presentation?
        - How much time do I plan for?
        - Make it fun; reach your audience

    15. Adding to your Skills

    16. Keys to Success
        - Understand your focus
        - More upfront work
        - Use a framework
        - Less money
        - Adding to your basic skills
        - Key areas
        - Keeping the right people involved
        - Understanding when to apply security
        - Know what you want upfront
        - Lessons learned

    17. Questions
