
SECURING OUR EMPLOYEES


holland

Presentation Transcript


  1. SECURING OUR EMPLOYEES

  2. Firewalls, Logging, IDS, SSL, Antivirus, Authentication

  3. Examples
     • Use recent examples from media of such attacks (RSA, Epsilon, Oak Ridge National Labs, HBGary).
     • Articles in business magazines (WSJ, Forbes).
     • Record incidents (www.privacyrights.org).
     • Recent human incidents in your organization.
     • Conduct a security awareness survey or assessment.
     • Compare money invested in securing a company computer versus a company employee.

  4. Value to Organization
     • Reduce risk (get examples of risk metrics from www.securingthehuman.org/resources/planning).
     • Remain compliant (list any specific standards your organization must be compliant with).
     • Reduce costs (freeing up security resources to focus on more advanced threats).
     • Promote a secure brand that is serious about protecting our customers.
     • Train employees on our policies, processes and standards.

  5. Security Awareness Maturity Model
     • Metrics
     • Long Term Sustainment
     • Promoting Awareness & Change
     • Compliance Focused
     • Non-Existent

  6. Key Points on Awareness
     • Most awareness programs have had little impact because they were never designed to.
     • Awareness is another control.
     • Long term program – lifecycle.
     • Not just prevention – detection and response.
     • Not just about clicking on links.

  7. What We Need
     • Senior management support, including being part of communications.
     • Business unit / department support to help coordinate organization-wide deployment.
     • Access to resources (such as marketing, communications, human resources, etc.).
     • Budget.
     • Sign-off on program or planning of program.

  8. Summary
     • Humans are another operating system but to date very little has been done to secure them.
     • We can dramatically reduce risk to our organization and remain compliant by implementing an active, longer term awareness program.
