Employee Security Awareness

Employee Security Awareness. Tuesday, April 9, 2019. Louis Stramaglio IT Ops Supervisor. What is the greatest vulnerability in your organization? Electronic Security Perimeter IT Network OT Network Permissions Physical Security. Are You Vulnerable?. Employees End users Clients


Presentation Transcript


  1. Employee Security Awareness Tuesday, April 9, 2019 Louis Stramaglio IT Ops Supervisor

  2. Are You Vulnerable? What is the greatest vulnerability in your organization?
     • Electronic Security Perimeter
     • IT Network
     • OT Network
     • Permissions
     • Physical Security

  3. YES!
     • Employees
     • End users
     • Clients
     • Customers
     • Contractors

  4. Question: Does your company have an Employee Security Awareness Program?

  5. IT Security Program
     • Understand and comply with company security policies and procedures
     • Be appropriately trained in the rules of behavior for the systems and applications to which they have access
     • Work with management to meet training needs
     • Keep end users aware of actions they can take to better protect their company’s information

  6. Security Program Contents
     1. Security Policies
        • Designed to protect the data
        • Business needs
        • Known risks
     2. Define responsibilities
        • Who is responsible
        • Staff responsibilities
        • IT/Security responsibilities
     3. Establish Processes
        • Monitor the program
        • Review results
        • IRP (Incident Response Plan)

  7. Question: Do you believe your current Employee Security Awareness Program has Management Buy-in?

  8. Management Buy-in
     • Support
     • Budget
     • Reporting
     • Feedback

  9. What is Awareness?
     • Not training
     • Addresses concepts and behaviors
     • Terminology
     • Informational

  10. Best Asset/Biggest Vulnerability

  11. Create the Awareness Plan
      • Strategy and Plan
      • Feedback from key groups
      • Assess current materials
      • Create a baseline
      • Review current metrics
      • Analysis of findings and recommendations
      • Current trends
      • Prioritize
      • Schedule, but remain flexible
      • Make it “So Number One”

  12. Ransomware

  13. Awareness We Are Done, Right?

  14. Awareness Training We Are Done, Right?

  15. Who Needs Training?
      • End users
      • IT
      • Executives
      • Everyone
      • Training everyone equally doesn’t always mean training everyone the same way. Stay flexible

  16. Where Does Training Come From?
      • In-house
      • LMS
      • Outsource

  17. Awareness Testing & Education Training NOW We Are Done, Right?

  18. Why Test Me?
      • Measure your success
      • Report your success to management
      • Remember, stay flexible
      • Prioritize weak points, add new content
      • Continue the cycle

  19. Participant Challenge
      • Obtain Management buy-in
      • Create your awareness plan based on your IT Security Program
      • Generate a security baseline and prioritize
      • Train everyone
      • Test everyone
      • Stay flexible and prioritize

  20. Lou Stramaglio IT Ops Supervisor lstramaglio@wecc.org
