Building a Culture of Security #CyberAware Kelley Bray – Symantec


Post on 21-Mar-2020


Page 1: Building a Culture of Security - Blue Sky eLearn · Kelley Bray – Symantec . Agenda •Memory Lane –Moving from Compliance to Security •Culture and our program –Why “awareness”

Building a Culture of Security

#CyberAware

Kelley Bray – Symantec


Agenda

• Memory Lane

– Moving from Compliance to Security

• Culture and our program

– Why “awareness” isn’t enough

• Getting started

– Beginning at the end.


A little bit about me

5 years at TSA/DHS

• Critical Infrastructure

• Security Awareness

• Insider Threat

2.5 years at SYMC

• Global Responsibility

• Employee Trust and CustomerONE

3 kids growing up in the digital world


Likely... why you are here.


But also… the news isn’t good.

• The number of phishing campaigns went up 55% in 2015.

– Despite the number of emails going down

Copyright © 2014 Symantec Corporation 5


But…

• Security Awareness Training is required for everyone, every year.

• So we should be ok, right?


Wrong.

• Compliance

– Awareness

– Talking “At”

• Security

– Change in Behavior

– Talking “To”

So why isn’t it working?


CULTURE


What is Culture?

A culture is a way of life of a group of people--the behaviors, beliefs, values, and symbols that they accept, generally without thinking about them, and that are passed along by communication and imitation from one generation to the next.


Buckle Up!

• What does program success look like?

– Good Security Behavior is natural… like wearing a seatbelt.

– Employees identify with the security of the company and do the right thing

– Full program implementation = Human Firewall

• Risk profile greatly reduced


Fundamental Components

• Consistent Messaging

• Interactive Online Modules

• Short, engaging videos

• Phishing exercises

• Quizzes and Contests

• On Site Training


Layering Security into Culture


Community

Company Solidarity and Security

Team Success

Individual Protection

Host a lunch and learn or similar

Compete in the CWG

Complete annual training

Report a phishing email

Author a white paper

Obtain a security certification

Volunteer to support STEM

Deliver outreach presentation

Be a Security Champion


GETTING STARTED


Advice from the trenches

• Strategy:

– Decide your best day, and work backwards

– Celebrate security often – not just in October

– Leadership – don’t bother starting without it.

– Be as interactive as possible

• Phishing, contests, FUN.

– Make it Personal


Q & A


Thank you!
