INFORMATION SECURITY AWARENESS
Whose Job is it Anyway?
• Ron Freedman, Vice President, VCampus Corporation
• Scott Wright, President, Network Security Solutions
Copyright 2002 VCampus Corporation
Information Security Awareness
Today’s Agenda
What is Information Security?
The Goals of an Information Security Program
External Threats
Internal Threats
It's Everyone's Job
The Role of Online Learning
Demonstration
Questions and Answers
What Is It?
First, a definition of “Information Security”
Then, we’ll talk about “Information Security Awareness”
A Traditional Definition
“The protection afforded to an information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).”
The NIST Handbook
Goals of Information Security
Traditional CIA
– Confidentiality
– Integrity
– Availability
Add to that . . .
– Accountability
– Auditability
– Nonrepudiation
Purpose of Security Awareness
To create employee sensitivity to the threats and vulnerabilities of information systems
To help employees recognize the need to protect data and information
To help employees recognize that IT security is critical
To set the stage for information security training
What Should Be Included
Start with policies
– Explain that your organization values information as a critical asset
– Explain the threats to your information systems and why you created the company policies
People tend to follow policies when they know the “why”
External Threats
Hackers
Viruses
Well Known Hacker Groups
Cult of the Dead Cow
2600
Defcon 9.0
Viruses
What is a virus… Just a program
– To be a virus, a program must:
Reproduce and infect
It can do almost anything it wants to do, but …
The bigger it gets, the easier it is to find.
Internal Threats
Contractors
Visitors
Employees
“ECP”
Coffee Break
It’s Everyone’s Job
Management
Technical Staff
End Users
The Role of Online Learning
Tailored content for various user communities
Rapidly updated to address new threats
Consistent message delivered to each audience
Ability to measure achievement of learning objectives
Tracking capability for compliance needs
Online Demonstration
What Can You Do?
Perform a Risk Analysis
Create and publish security policies
– Your information security policies should include at least:
Password control and protection
Internet access
Virus prevention
Start an Awareness Program
How Do I Learn More?
VCampus security courses include:
Information Security Awareness
Selecting a Good Password
Internet Security
Firewall Principles
Secure Web Commerce
PKI
Workplace Security
Air Travel Safety