Employee Security Awareness
Tuesday, April 9, 2019
Louis Stramaglio, IT Ops Supervisor

Are You Vulnerable?
• What is the greatest vulnerability in your organization?
  o Electronic Security Perimeter
  o IT Network
  o OT Network
  o Permissions
  o Physical Security

YES!
• Employees
• End users
• Clients
• Customers
• Contractors

Question
Does your company have an Employee Security Awareness Program?

IT Security Program
• Understand and comply with company security policies and procedures
• Be appropriately trained in the rules of behavior for the systems and applications to which they have access
• Work with management to meet training needs
• Keep end users aware of actions they can take to better protect their company’s information

Security Program Contents
1. Security Policies
• Designed to protect the data
• Business needs
• Known risks
2. Define responsibilities
• Who is responsible
• Staff responsibilities
• IT/Security responsibilities
3. Establish Processes
• Monitor the program
• Review results
• IRP (Incident Response Plan)

Question
Do you believe your current Employee Security Awareness Program has Management Buy-in?

Management Buy-in
• Support
• Budget
• Reporting
• Feedback

What is Awareness?
• Not training
• Addresses concepts and behaviors
• Terminology
• Informational

Best Asset/Biggest Vulnerability

Create the Awareness Plan
• Strategy and Plan
• Feedback from key groups
• Assess current materials
• Create a baseline
• Review current metrics
• Analysis of findings and recommendations
• Current trends
• Prioritize
• Schedule, but remain flexible
• Make it “So Number One”

Ransomware

We Are Done, Right?
Awareness

We Are Done, Right?
Awareness
Training

Who Needs Training?
• End users
• IT
• Executives
• Everyone
• Training everyone equally doesn’t always mean training everyone the same way.
Stay flexible

Where Does Training Come From?
• In-house
• LMS
• Outsource

NOW We Are Done, Right?
Awareness
Training
Testing & Education

Why Test Me?
• Measure your success
• Report your success to management
• Remember, stay flexible
• Prioritize weak points, add new content
• Continue the cycle

Participant Challenge
1. Obtain Management buy-in
2. Create your awareness plan based on your IT Security Program
3. Generate a security baseline and prioritize
4. Train everyone
5. Test everyone
6. Stay flexible and prioritize