executive information security training

Awareness Training for Executives Information Security

Upload: angela-samuels

Post on 20-Dec-2014

Category:

Education


DESCRIPTION

Short training presentation for executives

TRANSCRIPT

Page 1: Executive Information Security Training

Awareness Training for Executives

Information Security

Page 2: Executive Information Security Training

(module 4) 2

Introduction

Welcome

Page 3: Executive Information Security Training

Angela Samuels

Trainer

Page 4: Executive Information Security Training

Real World Stats

IT professionals in countries other than the U.S. were slightly more cautious in their own vulnerability assessments: 13% in Europe, 16% in China, and 24% in India say their organizations are more vulnerable to security dangers than a year ago.

Page 5: Executive Information Security Training

Objectives

• How to assess the current level of security within the corporation.

• What to expect of the future of Information Security.

Page 6: Executive Information Security Training

Security Assessment

Three areas in the company to focus on:

People, processes, and technology

Page 7: Executive Information Security Training

Security Assessment

• Create a security evaluation framework by

• Internal information security department or

• Third party vendor

Page 8: Executive Information Security Training

Security Assessment

Internal department assessment can use “The executive guide to Information Security” as a guide.

Page 9: Executive Information Security Training

Security Assessment

Third Party Vendors

Brought in as support and guide.

Require they have industry standards rather than their own.

The company can do their own follow up assessment in the future.

Page 10: Executive Information Security Training

Security Assessment

Timeframe is usually 90 days for a full assessment, depending on the size of the company.

After assessment, improvements can be planned and enacted.

Page 11: Executive Information Security Training

The Future of Information Security

More and more threats

More complex web applications = more complex threats

Page 12: Executive Information Security Training

The Future of Information Security

The threats have global impact. The threats will spread faster. Hackers' intentions will be motivated by organized crime organizations.

Page 13: Executive Information Security Training

Review of Objectives

• How to assess the current level of security within the corporation.

• What to expect of the future of Information Security.

Page 14: Executive Information Security Training

Real World Scenario

A hospital’s Web site was compromised because a Web developer made a programming error. Sensitive patient records were taken. When the criminals proved they had the data, the hospital had to choose between paying extortion or allowing their patients’ health records to be spread all over the Internet.

What do you do?

Page 15: Executive Information Security Training

Real World Scenario Review Questions

1. Would an assessment have prevented a situation like this?

2. Is your company prepared to handle a situation like this?

Page 16: Executive Information Security Training

Tips to Take Back to the Office

Work on the assessment right away if you have not done so already.

Always be on the lookout for the latest and greatest hacker schemes.

Page 17: Executive Information Security Training

Materials

• Executive security awareness brochure

• Website for executive security related articles

Page 18: Executive Information Security Training

Questions