2015 Information Security Awareness Catalogue

Transcription

1 Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with our powerful Learning Management System (LMS) 18 Alert Africa - Our Public Initiative 20 About Us 22 Services Portfolio 23 Wolfpack 2015 Catalogue - Page 2 Wolfpack 2015 Catalogue - Page 3

2 2. ASSESS Wolfpack Engagement Model Predict Your Threats Internal External Industry Country Global RESEARCH & THREAT INTELLIGENCE 1. PREDICT SPECIALISED COLLABORATION PROJECTS Assess Your Vulnerabilities People Process Technology GOVERNANCE, RISK & COMPLIANCE ADVISORY SKILLS ASSESSMENTS TRAINING & AWARENESS PROGRAMMES 3. IMPROVE TALENT SOURCING & GRADUATE DEVELOPMENT Improve Your Defence Capability Wolfpack 2015 Catalogue - Page 4 Wolfpack 2015 Catalogue - Page 5

3 Campaign Drivers Creating an information security and privacy awareness and training programme is not a simple task. It can be very frustrating designing professional & engaging content. Remember - this is your brand to the business so it needs to look good! Providing your personnel with the security and privacy information they need, and ensuring they understand and follow the requirements, is a vital component to protecting your organisation, staff, trading partners & customers. Key Requirements: The need for a global awareness / culture campaign focusing on the protection of personal and confidential information Understanding of global and organisational stakeholder requirements The campaign must have impact & defined key performance / goal indicators Wolfpack Risk have established a comprehensive portfolio of training and awareness offerings. Research & Threat Intelligence Reports Programme Maturity Improvement Content Development Simulation, Animated Video & Cartoon Solutions Phishing & Social Engineering Assessments Governance, Risk Management & Compliance Curriculum Curriculum Forensics Curriculum Audit Curriculum Software Curriculum Wolfpack 2015 Catalogue - Page 6 Wolfpack 2015 Catalogue - Page 7

4 Offerings Approach SOLUTIONS Project Management Confidentiality Management Social Engineering Assessments Human Vulnerability Assessments The continual growth of regulatory requirements, complex business operations and increase in cyber threats demand a well thought-out and implemented approach to information risk management. Wolfpack Risk has extensive experience in this sector and draws considerable input from our Research, Threat Intelligence and Advisory units to offer a comprehensive awareness solution. Executive Cyber Vulnerability Assessments Grey Wolf Assessment And Learning Platform CONTENT Animated Video Series: 5 Privacy 7 Custom Development Posters / Cartoons / Screensavers Easy Policy Communicator Cybercrime Survival Guide & Induction Programme Simulations Interactive Sessions Phase 1: Plan Validate context and requirements for global awareness / culture campaign focusing on the protection of secret and confidential information Business Requirements Analysis Defined scope of work & campaign success factors Define stakeholder requirements for secret and confidential information leakage and relevant threat intelligence sources per location / industry Stakeholder Change Management The stakeholder change management framework will include a stakeholder matrix, change communication plan, key project metrics and content customisation / development blueprint Phase 2: Build Understand training and awareness requirements Executives Management Create Tailored Programme rollout programme for defined audience groups per region Tailored skills transfer programme for regional project champions Phase 3: Run Conduct pilot / full training and awareness programme Users and Third Parties Wolfpack 2015 Catalogue - Page 8 Wolfpack 2015 Catalogue - Page 9

5 Engaging Content Posters Protecting Personal Protecting Business Privacy Privacy POPI Compliance POPI Compliance POPI Compliance Protection of Personal Act Protection of Personal Act Protection of Personal Act Module 2 Module 1 Screensavers Interactive Simulations Module 3 Cybercrime Cyber Threat Password Safety & Account Management Cloud & Third Party Risks Protecting Your Family Social Engineering Employee & Contractor Risks Videos Cartoons Wolfpack 2015 Catalogue - Page 10 Wolfpack 2015 Catalogue - Page 11

6 Stakeholder Change Management Bundles Identify Stakeholders Starter Pack A fantastic way to enhance your organisation s awareness programme with professionally branded & engaging material. Objective What is included? 4 x Animated Videos (Cyber Threats / Social Engineering / PoPI / Privacy) 4 x Posters + Cartoons Training Workshop at Wolfpack offices Access to Cyber Pack Interest Group *All Starter Pack materials are Wolfpack branded. Message Add Add Add Medium Frequency Communicator Performance Metric Premium Pack Access Wolfpack s full range of awesome awareness content. Includes: All 12 x & Privacy Animated Videos (with more coming soon) Professional Posters, Screensavers & Cartoons Programme Toolkit (APT) to run strategy, comms, budget & more Grey Wolf LMS (Learning Management System) Run both & Training campaigns on one system Assess skills, track performance & compliance of all users Use either Wolfpack cloud system or implement in-house with full support *Includes local installation, initial setup, training & monthly telephonic support. Other Services Phishing & Executive Threat Assessments Easy Policy Communicator Induction, User & Executive Workshops Customisation Full Customisation of all our material available We can also create your own videos, posters, cartoons, banners, stickers & more Wolfpack 2015 Catalogue - Page 12 Wolfpack 2015 Catalogue - Page 13

7 Content POPI Compliance Modules The awareness content can be divided into two areas, namely and Privacy. Privacy Content Protecting Personal Looks at POPI and how it affects the protection of personal information, delivers the following key messages: Exercise caution when sending s containing sensitive information follow corporate guidelines Report any security incident promptly to your Department s Privacy or Team Protect the data you are handling as if it was your own Do not leave any confidential files or information in plain sight it s not yours to share. Protecting privacy is everyone s responsibility Protecting Business Privacy Identifies the implications that POPI has on business, delivers the following key messages: POPI aligns with the organisation s strategic focus to place the customer at the core of our business We wish to empower our staff to instill a culture of compliance with respect to the privacy and protection of our customer information Privacy protection is not a project with a start and end it is an attitude and approach that needs to be woven into the culture of the organisation POPI Compliance Module 1 Addresses the first three principles of POPI i.e. Accountability, Quality and Safeguards, the following key messages are delivered: You cannot outsource accountability be careful about who has access to personal information Maintain data quality Always ensure our information is up to date and complete Always ensure personal information is protected We are not just dealing with 1s and 0s. It s people s lives POPI Compliance Module 2 Addresses the following principles of POPI: Processing limitation, Purpose Specification and Further Processing Limitation. The following key messages are delivered: Respect the privacy of your client s personal information Always keep in mind the original reason for obtaining a client s personal information Innovation is encouraged but not at the expense of our client s right to privacy POPI Compliance Module 3 Addresses the following principles of POPI: Openness and Data Subject Participation.The following key messages are delivered: Ensure you are always open and honest with your clients regarding your intentions with their personal information Your clients have the right to question our management of their personal information Wolfpack 2015 Catalogue - Page 14 Wolfpack 2015 Catalogue - Page 15

8 Content Content Cybercrime Identifies the different types of cybercrime tactics employed by cybercriminals to exploit their victims. Delivers the following key messages: Perform background checks on new employees Don t use unauthorised software or media Protect both company and personal information You are a target for cyber criminals don t become the next victim Cyber Threat Provides an overview of the different cyber threats. Delivers the following key messages: The different cyber threats focusing on Cyber Warfare, Cyber Espionage and Cyber Crime Implications of cyber threats Password Safety and Account Management Highlights the importance of keeping passwords safe and secure. Delivers the following key messages: Protecting Your Family Highlights the threats faced by children when using the Internet and social media. Delivers the following key messages: Make sure you verify the details of who you are talking to online Never agree to meet up with someone you met online without your parents knowing If you do agree to meet the person, at least take someone you trust with you to the first meeting Ensure all family computers are in open view and are loaded with Parental Control Software The internet is a wonderful tool to use, as long as it issued responsibly Social Engineering Identifies the social engineering tactics used by cyber criminals. Delivers the following key messages: Always ask for identification from anyone entering your premises, do not allow tailgating Be cautious of what corporate and employee information is on social media sites Ensure that confidential information is shredded before disposal to bins accessible by the public Do not allow anybody in without some identification being in a hurry is no excuse Cloud and Third Party Risks Identifies the risks involved in using cloud and third party services. Delivers the following key messages: Think twice when you want to store sensitive data in the cloud and assess the impact if this data is exposed Maintain a local backup copy of your important data in case the service provide is offline Ensure the service provider has protection agreements in place Understand where your data is hosted and whether this impacts any privacy requirements Cloud computing offers an effective data solution, as long as you choose your provider wisely. Passwords must be a combination of upper and lower case letters, at least one special character and number Passwords must be a minimum of 7 characters and not exceed 30 characters Never write passwords down The same character should not be used consecutively You are a target for cyber criminals don t become the next victim Employee and Contractor Risks Identifies the risks of not doing thorough background checks on employees and contractors. Delivers the following key messages: Background verification checks on all candidates for employment and contractors should be carried out roles and responsibilities should be defined and clearly communicated to job candidates during the pre-employment process All employees and contractors who are given access to sensitive information should sign a confidentiality or non-disclosure agreement prior to being given access All employees and contractors should return all of the organisation s assets in their possession upon termination of their employment or contract Your company is a target for man risks don t risk the lives of your family and your employees Wolfpack 2015 Catalogue - Page 16 Wolfpack 2015 Catalogue - Page 17

9 Grey Wolf -Track compliance with our powerful Learning Management System (LMS) Course Home User Friendly Interfaces Track Student Progress Question Statistics Rewards Wolfpack 2015 Catalogue - Page 18 Wolfpack 2015 Catalogue - Page 19

10 Alert Africa - Our Public Initiative The Alert Africa website aims to educate the average internet users about differnt cyber threats that exists online, provides useful tips on how to not become a victim as well as where to report cybercrime to. The goal of the Cybercrime Survival Guide is to firstly raise awareness of the potential cyber risks you may face and to provide you with a non-technical approach to PROTECT yourself online. The guidance offers valuable tips for cloud users, personal computers and mobile devices to ensure that your own private and financially sensitive information is kept safe. You don t have to be a computer guru to use this guide. Wolfpack 2015 Catalogue - Page 20 Wolfpack 2015 Catalogue - Page 21

11 About Us Services Portfolio Trusted information risk advisors to a growing base of government and private sector clients. We offer cutting-edge research & threat intelligence, professional advisory, custom training & awareness programmes. Level 2 BBBEE contributor Training IT Governance, Risk, Cyber & Privacy Training Foundation Intermediate Advanced Graduate Development Programme Talent Management Specialist Governance, Risk and Compliance Recruiting Co-Sourcing and Outsourcing Skills and Competency Assessments Research and Threat Intelligence Cyber Threat Intelligence Reports Local & Industry Analysis Quarterly Cybershield Publications Executive Threat Assessments Phishing Assessments Grey Wolf Assessment & Learning Platform Animated Video Poster Cartoon Series Advisory IT Governance, Risk, Cyber & Privacy Consulting Vulnerability & Threat Assessments ISO Certification ISO Certification Wolfpack 2015 Catalogue - Page 22 Wolfpack 2015 Catalogue - Page 23