Employee Security Awareness

Presentation Transcript

  1. Employee Security Awareness
     Tuesday, April 9, 2019
     Louis Stramaglio, IT Ops Supervisor

  2. Are You Vulnerable?
     What is the greatest vulnerability in your organization?
     • Electronic Security Perimeter
     • IT Network
     • OT Network
     • Permissions
     • Physical Security

  3. YES!
     • Employees
     • End users
     • Clients
     • Customers
     • Contractors

  4. Question
     Does your company have an Employee Security Awareness Program?

  5. IT Security Program
     • Understand and comply with company security policies and procedures
     • Be appropriately trained in the rules of behavior for the systems and applications to which they have access
     • Work with management to meet training needs
     • Keep end users aware of actions they can take to better protect their company’s information

  6. Security Program Contents
     1. Security Policies
        • Designed to protect the data
        • Business needs
        • Known risks
     2. Define responsibilities
        • Who is responsible
        • Staff responsibilities
        • IT/Security responsibilities
     3. Establish Processes
        • Monitor the program
        • Review results
        • IRP (Incident Response Plan)

  7. Question
     Do you believe your current Employee Security Awareness Program has Management Buy-in?

  8. Management Buy-in
     • Support
     • Budget
     • Reporting
     • Feedback

  9. What is Awareness?
     • Not training
     • Addresses concepts and behaviors
     • Terminology
     • Informational

  10. Best Asset/Biggest Vulnerability

  11. Create the Awareness Plan
      • Strategy and Plan
      • Feedback from key groups
      • Assess current materials
      • Create a baseline
      • Review current metrics
      • Analysis of findings and recommendations
      • Current trends
      • Prioritize
      • Schedule, but remain flexible
      • Make it “So Number One”

  12. Ransomware

  13. We Are Done, Right?
      Awareness

  14. We Are Done, Right?
      Awareness Training

  15. Who Needs Training?
      • End users
      • IT
      • Executives
      • Everyone
      • Training everyone equally doesn’t always mean training everyone the same way. Stay flexible

  16. Where Does Training Come From?
      • In-house
      • LMS
      • Outsource

  17. NOW We Are Done, Right?
      Awareness Testing & Education Training

  18. Why Test Me?
      • Measure your success
      • Report your success to management
      • Remember, stay flexible
      • Prioritize weak points, add new content
      • Continue the cycle

  19. Participant Challenge
      • Obtain Management buy-in
      • Create your awareness plan based on your IT Security Program
      • Generate a security baseline and prioritize
      • Train everyone
      • Test everyone
      • Stay flexible and prioritize

  20. Lou Stramaglio
      IT Ops Supervisor
      lstramaglio@wecc.org