Enhancing Employee Security Awareness: Strategies for Organizational Protection

In today's cyber landscape, securing employees is as crucial as protecting IT infrastructures. Recent incidents such as RSA, Epsilon, and HBGary highlight the vulnerabilities organizations face. A comprehensive security awareness program is vital to mitigate risks and maintain compliance with industry standards. By investing in employee training, organizations can reduce costs, foster a secure brand image, and promote a culture of security. This program must include senior management support, coordination across departments, and a focus on long-term sustainability rather than just prevention.

Presentation Transcript


  1. SECURING OUR EMPLOYEES

  2. Firewalls, Logging, IDS, SSL, Antivirus, Authentication

  3. Examples
     • Use recent examples from media of such attacks (RSA, Epsilon, Oak Ridge National Labs, HBGary).
     • Articles in business magazines (WSJ, Forbes).
     • Record incidents (www.privacyrights.org).
     • Recent human incidents in your organization.
     • Conduct a security awareness survey or assessment.
     • Compare money invested in securing a company computer versus company employee.

  4. Value to Organization
     • Reduce risk (get examples of risk metrics from www.securingthehuman.org/resources/planning).
     • Remain compliant (list any specific standards your organization must be compliant with).
     • Reduce costs (freeing up security resources to focus on more advanced threats).
     • Promotes secure brand that is serious about protecting our customers.
     • Train employees on our policies, processes and standards.

  5. Security Awareness Maturity Model
     • Metrics
     • Long Term Sustainment
     • Promoting Awareness & Change
     • Compliance Focused
     • Non-Existent

  6. Key Points on Awareness
     • Most awareness programs have had little impact because they were never designed to.
     • Awareness is another control.
     • Long term program – lifecycle.
     • Not just prevention – detection and response.
     • Not just about clicking on links.

  7. What We Need
     • Senior management support, including being part of communications.
     • Business unit / department support to help coordinate organization-wide deployment.
     • Access to resources (such as marketing, communications, human resources, etc.).
     • Budget.
     • Sign-off on program or planning of program.

  8. Summary
     • Humans are another operating system, but to date very little has been done to secure them.
     • We can dramatically reduce risk to our organization and remain compliant by implementing an active, longer-term awareness program.
