Posted on 11-Apr-2018
Rodney Dor, PMP, CISA, CISSP
IS Security
Protecting OCTA assets in the rapidly changing world of Information Security
Information System Security Awareness and Training Program
Agenda
• What to avoid
• Perpetrators and Motives
• Security Components
• Why awareness
• User Focused
• Awareness Impact
• Infrastructure Components
• Q & A
In the NEWS!
Shenendehowa Transportation Employees (Shenendehowa, NY)
Records Breached: 250
Perpetrators
• Organized Crime
• Corporate Espionage
• Employees, customers, contractors
• Script Kiddies
• Hackers
• Activists
• Terrorists
• The casual geek
Motives
WHY NOT?
• Easy to commit
• Thrill
• Organizations unaware
• Lenient punishment
• Lack of enforcement
• Accessibility
• Retribution
• Personal Beliefs
• Political Hacktivism
• Retaliation
• Financial Gain
• Bragging Rights
• Media Stardom
• Public Apathy
• Personal
• Executive management supported priority
• One of the top five initiatives in the security portfolio
• Key component of the security program
PRESERVING
• Confidentiality - Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals
• Integrity - Ensuring the accuracy and completeness of information and processing methods
• Availability - Ensuring that information and associated assets are accessible whenever necessary by authorized individuals
Why Security Awareness and Training
OCTA Security objectives
1. Ensure public trust
2. Maintain OCTA professional & positive image
3. Reduce IT risks to an acceptable level
4. Be compliant with Laws and Regulations
Program Mission
Provide the basic understanding and importance of information security and OCTA Security objectives.
• Audience - All employees
• User Awareness - sets the stage for training by
changing attitudes and behaviors
• User Training - Teaches the specific skills to enable
users to perform their security responsibilities
• Frequency – Yearly with a midyear refresher
• Tangibles – Handouts, Policies, Posters, Table tents in
break rooms
• Standards & Best Practices
DEFENSE IN DEPTH
• Policies, Procedures & Awareness
• Perimeter
• Internal Network
• Host
• Application
• Data
• Physical Security
Awareness and Training Program Impact
User security awareness can affect every aspect of an organization’s security profile.