Employee Security Awareness Tuesday, April 9, 2019 Louis Stramaglio IT Ops Supervisor
What is the greatest vulnerability in your organization? • Electronic Security Perimeter • IT Network • OT Network • Permissions • Physical Security Are You Vulnerable?
Employees • End users • Clients • Customers • Contractors YES!
Does your company have an Employee Security Awareness Program? Question
Understand and comply with company security policies and procedures • Be appropriately trained in the rules of behavior for the systems and applications to which they have access • Work with management to meet training needs • Keep end users aware of actions they can take to better protect their company’s information IT Security Program
1. Security Policies • Designed to protect the data • Business needs • Known risks 2. Define responsibilities • Who is responsible • Staff responsibilities • IT/Security responsibilities 3. Establish Processes • Monitor the program • Review results • IRP (Incident Response Plan) Security Program Contents
Do you believe your current Employee Security Awareness Program has Management Buy-in? Question
Support • Budget • Reporting • Feedback Management Buy-in
Not training • Addresses concepts and behaviors • Terminology • Informational What is Awareness?
Strategy and Plan • Feedback from key groups • Assess current materials • Create a baseline • Review current metrics • Analysis of findings and recommendations • Current trends • Prioritize • Schedule, but remain flexible • Make it “So Number One” Create the Awareness Plan
Awareness We Are Done, Right?
Awareness Training We Are Done, Right?
End users • IT • Executives • Everyone • Training everyone equally doesn’t always mean training everyone the same way. Stay flexible Who Needs Training?
In-house • LMS • Outsource Where Does Training Come From?
Awareness Testing & Education Training NOW We Are Done, Right?
Measure your success • Report your success to management • Remember, stay flexible • Prioritize weak points, add new content • Continue the cycle Why Test Me?
Obtain Management buy-in • Create your awareness plan based on your IT Security Program • Generate a security baseline and prioritize • Train everyone • Test everyone • Stay flexible and prioritize Participant Challenge
Lou Stramaglio IT Ops Supervisor email@example.com