INFORMATION SECURITY AWARENESS: Whose Job is it Anyway?

• Ron Freedman, Vice President, VCampus Corporation
• Scott Wright, President, Network Security Solutions


Copyright 2002 VCampus Corporation

Information Security Awareness

Today’s Agenda

• What is Information Security?
• The Goals of an Information Security Program
• External Threats
• Internal Threats
• It's Everyone's Job
• The Role of Online Learning
• Demonstration
• Questions and Answers


What Is It?

First, a definition of “Information Security”

Then, we’ll talk about “Information Security Awareness”


A Traditional Definition

“The protection afforded to an information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).”

The NIST Handbook


Goals of Information Security

• Traditional CIA
  – Confidentiality
  – Integrity
  – Availability

• Add to that . . .
  – Accountability
  – Auditability
  – Nonrepudiation


Purpose of Security Awareness

To create employee sensitivity to the threats and vulnerabilities of information systems

To help employees recognize the need to protect data and information

To help employees recognize that IT security is critical

To set the stage for information security training


What Should Be Included

• Start with policies
  – Explain that your organization values information as a critical asset
  – Explain the threats to your information systems and why you created the company policies

People tend to follow policies when they know the “why”


External Threats

• Hackers
• Viruses


Well Known Hacker Groups

Cult of the Dead Cow

2600

Defcon 9.0


Viruses

• What is a virus… Just a program
  – To be a virus, a program must:
    • Reproduce and infect

It can do almost anything it wants to do, but …

The bigger it gets, the easier it is to find.


Internal Threats

• Contractors
• Visitors
• Employees
• “ECP”


Coffee Break


It’s Everyone’s Job

• Management
• Technical Staff
• End Users


The Role of Online Learning

• Tailored content for various user communities
• Rapidly updated to address new threats
• Consistent message delivered to each audience
• Ability to measure achievement of learning objectives
• Tracking capability for compliance needs


Online Demonstration


What Can You Do?

• Perform a Risk Analysis
• Create and publish security policies
  – Your information security policies should include at least:
    • Password control and protection
    • Internet access
    • Virus prevention
• Start an Awareness Program


How Do I Learn More?

VCampus security courses include:

• Information Security Awareness
• Selecting a Good Password
• Internet Security
• Firewall Principles
• Secure Web Commerce
• PKI
• Workplace Security
• Air Travel Safety