SECURING OUR EMPLOYEES
Firewalls
IDS
SSL
Authentication
Logging
Antivirus
Examples
• Use recent examples from media of such attacks (RSA, Epsilon, Oak Ridge National Labs, HBGary).
• Articles in business magazines (WSJ, Forbes).
• Record incidents (www.privacyrights.org).
• Recent human incidents in your organization.
• Conduct a security awareness survey or assessment.
• Compare money invested in securing a company computer versus a company employee.
Value to Organization
1. Reduce risk (get examples of risk metrics from www.securingthehuman.org/resources/planning).
2. Remain compliant (list any specific standards your organization must be compliant with).
3. Reduce costs (freeing up security resources to focus on more advanced threats).
4. Promote a secure brand that is serious about protecting our customers.
5. Train employees on our policies, processes and standards.
Security Awareness Maturity Model
1. Non-Existent
2. Compliance Focused
3. Promoting Awareness & Change
4. Long Term Sustainment
5. Metrics
Key Points on Awareness
• Most awareness programs have had little impact because they were never designed to.
• Awareness is another control.
• Long term program – lifecycle.
• Not just prevention – detection and response.
• Not just about clicking on links.
What We Need
• Senior management support, including being part of communications.
• Business unit / department support to help coordinate organization-wide deployment.
• Access to resources (such as marketing, communications, human resources, etc.).
• Budget.
• Sign-off on program or planning of program.
Summary
• Humans are another operating system, but to date very little has been done to secure them.
• We can dramatically reduce risk to our organization and remain compliant by implementing an active, longer-term awareness program.