How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey.


SECURITY AWARENESS SURVEY

Is a survey necessary?

A survey will give you insight into information security awareness within your company. The industry has increasingly realized that people are at least as important as technology, and probably more important when it comes to protecting information assets. An organization that lacks security awareness on the part of users of technology may experience more security incidents, greater losses, and increased risk of compliance failure. The extent of such risks is difficult to measure but, like any organizational behavior, more visibility into the nature of the behavior leads to better control and management of that behavior. That's why we view a survey as necessary.

This survey is not a magic bullet, nor a crystal ball. It is a diagnostic instrument that can provide empirical evidence of security behaviors and attitudes within the organization. The data collected can then be used to identify areas of possible improvement and risk reduction. When administered repeatedly over time, the survey can provide a baseline of security awareness that may indicate progress or challenges for the security awareness program.

How it works

There are 30 questions, measuring characteristics of the company's security awareness posture. Some questions collect factual data (role, time in job, etc.) while others collect data about the user's awareness, attitudes and behaviors.

How to Deploy the Survey

Below are some ideas and elements to consider when deploying this survey.

1. Identify executive stakeholders or sponsors to help promote the value of the survey, perhaps even have them send an organization-wide email announcing the survey and its purpose.
2. Have the survey reviewed and approved by public relations, HR, or legal.
3. Identify the scope of users you want to take the survey (employees, contractors, volunteers, etc.). Don't forget to include management and specialists, who are also end users of technology.
4. Determine if the survey will be required or is voluntary. If it is voluntary, what is the motivation or is there a prize for taking the survey?
5. Consider whether the survey should be anonymous, particularly if asking questions about behaviors that may violate company policy. Respondents are more likely to be honest if they are not worried that their response may incriminate them or result in punishment.
6. Evaluate and choose a survey engine or learning management system from which to conduct the survey (Google, Survey Monkey, etc.).
7. Determine how long to leave the survey open.
8. Determine the audience for the results of the survey and how to disseminate insights gained.
9. Determine if you will conduct longitudinal surveys of the same respondents to measure progress over time (perhaps as the result of specific awareness interventions).

Survey Questions

1. What is your employment status?
   a. Full time employee
   b. Part time employee
   c. Contractor
   d. Partner
   e. Vendor
   f. Other (please describe - open field)

2. What is your management position?
   a. I am an executive or other senior manager
   b. I am a front line manager
   c. I am not a manager but I supervise others (team or project lead)
   d. I am not a manager

3. Where do you work?
   a. Sales
   b. Accounting
   c. Marketing
   d. Information Technology
   e. Human Resources
   f. Manufacturing
   g. OTHER [AS NECESSARY]

4. How long have you worked in your role?
   a. More than five years
   b. Three to five years
   c. One to three years
   d. Less than one year

5. How aware are you of the activities of the company's information security organization?
   a. I know where the organization sits in the organization, what they do, and how to contact them
   b. I know we have such an organization and where to go to find out more about them
   c. I've heard that organization mentioned, but I have no more knowledge than that
   d. I did not know we had such an organization in our company

6. When was the last time you remember interacting with the company's information security team (receiving an email, receiving security training, having an information security team member in a meeting, etc.)?
   a. Within the last week
   b. Within the last month
   c. Within the last year
   d. It's been over a year
   e. I have never interacted with the information security team

7. How important are the actions and activities of the company's information security organization to your daily job and tasks?
   a. Very important - I use materials and guidance they provide almost every day
   b. Somewhat important - they have given me skills and knowledge that have helped me in my job
   c. Neither important nor unimportant - I assume their activities function in the background
   d. Not important - I don't feel like I get any benefit from the information security organization
   e. Detrimental - the information security organization actually hinders my job performance
   f. Unknown - I know nothing about the information security organization

8. How confident are you that you can recognize the symptoms and signs of a computer security incident? Computer security incidents may include viruses and malware on your PC or phone, a hacker gaining unauthorized access to your system, or an attacker tricking you into giving away sensitive data over the phone or by email.
   d. Not very confident
   e. No confidence at all

9. How confident are you that you would recognize the symptoms of a specific security incident? [NOTE: customize this question with any particular scenario of interest]
   d. Not very confident
   e. No confidence at all

10. Have you ever been directly involved in a security incident? Computer security incidents may include viruses and malware on your PC or phone, a hacker gaining unauthorized access to your system, or an attacker tricking you into giving away sensitive data over the phone or by email.
   a. Yes
   b. No
   c. I don't know or am not sure

11. If you were to suspect that your computer, smart phone, or other device was involved in a security incident such as a virus, a hacker attack, or some other problem, how confident do you feel that you know how to respond to and report the situation?
   d. Not very confident
   e. Not confident at all

12. If you were to suspect that your computer, smart phone, or other device was involved in a security incident such as a virus, a hacker attack, or some other problem, what would you do? Select all that apply.
   a. Tell my manager
   b. Tell my coworkers
   c. Contact the IT Security team (I currently have this information or know where to find it)
   d. Contact the IT Help Desk (I currently have this information or know where to find it)
   e. I do not know who I am supposed to inform if this happens
   f. I would be worried about telling anyone, since I might get in trouble

13. I have been given the information necessary to know what to do if I suspect that my computer, smart phone, or other device was involved in a security incident, such as a virus, a hacker attack, or some other problem.
   a. I have all the information I need to respond and report the incident
   b. I have some of the information I need to respond and report the incident, but I have questions
   c. I would be confused as to what to do because I do not have all the information I need
   d. I feel like I have no information regarding what to do in such an event, and might ignore it

14. Without being specific, do you know of any situations in the company where someone has given their password to another person for any reason?
   a. Yes
   b. No
   c. I don't know or am not sure

15. Without being specific, do you know of any situations where people in the company share the same password for an IT system or application?
   a. Yes
   b. No
   c. I don't know or am not sure

16. How familiar are you with the company records retention policy, including the proper ways to create, classify, manage, and dispose of both electronic and hard copy documents?
   a. Very familiar
   b. Somewhat familiar
   d. Not very familiar
   e. I do not know what that policy is

17. How familiar are you with the company information classification policy, including the proper ways to identify and label both electronic and hard copy documents?
   a. Very familiar
   b. Somewhat familiar
   d. Not very familiar
   e. I do not know what that policy is

18. How confident are you that you know how to protect sensitive company information in electronic documents, including how to label, share, and securely dispose of such information?
   d. Not very confident
   e. Not confident at all

19. How well do you feel the company manages IT assets including computers, phones, and other devices to protect them from security threats?
   a. The company manages computer security very well
   b. The company manages computer security well
   c. The company manages computer security neither well nor badly
   d. The company manages computer security badly
   e. The company manages computer security very badly
   f. I don't know

20. How much do you worry about the risk of using IT assets including computers, phones, and other devices inside the company?
   a. I worry a lot about the risks
   b. I sometimes worry about the risks
   c. I rarely worry about the risks
   d. I never worry about the risks
   e. I don't know or have never thought about the risks

21. How involved do you feel in the daily process of information security and protecting the company's information assets?
   a. I feel very involved
   b. I feel somewhat involved
   c. I feel somewhat uninvolved
   d. I feel very uninvolved
   e. I don't know or have never thought about it

22. How much do you worry about becoming the victim of a phishing attack at work?
   a. A lot
   b. A little
   c. Not at all
   d. I don't know what phishing attack means

23. How often do you receive emails with attachments or links to the Web?
   a. Very often - once or more each day
   b. Often - more than one each week
   c. Occasionally - a few each month
   d. Almost never - less than one per month
   e. I don't understand the question

24. How often do you receive emails from strangers or organizations you do not recognize?
   a. Very often - once or more each day
   b. Often - more than one each week
   c. Occasionally - a few each month
   d. Almost never - less than one per month
   e. I don't know

25. Of the emails you receive with attachments or links to the Web, how often do you open the attachment or click on the link?
   a. Every time
   b. Sometimes
   c. Rarely
   d. Never
   e. I don't understand the question

26. To what extent would you agree to the following statement: "No hacker would attack me or my computer. I don't have anything they would want."
   a. Completely agree
   b. Agree somewhat
   c. Neither agree nor disagree
   d. Disagree somewhat
   e. Completely disagree

27. In the past three months, have you (check all that apply):
   a. Tried to visit a website and found that the company blocks you from doing so?
   b. Wanted to visit a website but did not do so because you knew it was against company policy?
   c. Visited a website even though you were not sure whether it was against company policy?
   d. Known of someone who deliberately visited websites that were explicitly prohibited by company policy?

28. Based on your everyday work experience, how would you rank the following priorities of your organization? Please rank the most important priority as 1, the next important priority as 2 and so on.
   a. Financials (profit, revenue, share price, etc.)
   b. Customer satisfaction (delivery, marketing, complaints)
   c. Innovation (the ability to create new products and/or business processes)
   d. Information Technology (using the best, most modern technologies)
   e. Information Security (protecting company information assets)
   f. Employees (safety, satisfaction, retention)
   g. Other (please list)

29. Do you ever feel pressure to do more with less in your job, even if that means cutting corners in some areas in order to complete others?
   a. Always
   b. Often, but not always
   c. Sometimes
   d. Not very often
   e. Never

30. How many times, in the last year, have you heard information security discussed in a formal setting outside of specific security training exercises (for example, in staff meetings, in general company memos or emails, or in performance reviews)?
   a. I have never heard security discussed unless I was taking security training
   f. On occasion, I have heard about security, but usually because of some specific event
   g. Security is talked about as often as anything else, even when I'm not undergoing specific training
   h. Security is often a topic, in a variety of settings, during my daily job
   Security is always top of mind, and is discussed

© Popcorn Training. Feel free to contact us for further information & assistance.

Ref: Securing the Human (SANS)


More information

Concordia University College of Alberta. Master of Information Systems Security Management (MISSM) Program. 7128 Ada Boulevard, Edmonton, AB

Concordia University College of Alberta. Master of Information Systems Security Management (MISSM) Program. 7128 Ada Boulevard, Edmonton, AB Concordia University College of Alberta Master of Information Systems Security Management (MISSM) Program 7128 Ada Boulevard, Edmonton, AB Canada T5B 4E4 Information Security Awareness: Issues and Proposed

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

Pastors and Domestic and Sexual Violence Survey of 1,000 Protestant Pastors

Pastors and Domestic and Sexual Violence Survey of 1,000 Protestant Pastors Pastors and Domestic and Sexual Violence Survey of 1,000 Protestant Pastors Sponsored by: Sojourners and IMA World Health 2 Methodology The telephone survey of Protestant pastors was conducted May 7-31,

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

Information Security Awareness Training and Phishing

Information Security Awareness Training and Phishing Information Security Awareness Training and Phishing Audit Report Report Number IT-AR-16-001 October 5, 2015 Highlights The Postal Service s information security awareness training related to phishing

More information

Disclosure Best Practices Toolkit 2 0 1 1 E D I T I O N

Disclosure Best Practices Toolkit 2 0 1 1 E D I T I O N Disclosure Best Practices Toolkit 2 0 1 1 E D I T I O N Introduction This document is a series of checklists to help companies, their employees, and their agencies create social media policies. Our goal

More information

Global Construction and Engineering Services Company Lowers Malware Infections by 42%

Global Construction and Engineering Services Company Lowers Malware Infections by 42% Global Construction and Engineering Services Company Lowers Malware Infections by 42% Wombat helps organization reduce susceptibility to cyber security attacks, saving hundreds of hours in remediation

More information

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Protect Yourself. Who is asking? What information are they asking for? Why do they need it? Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary

More information

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015 Computer Network and Internet Security Awareness and Responsible Use Indian River County School District 2014-2015 1 Through the availability of electronic resources provided by the School District of

More information

Practical guide for secure Christmas shopping. Navid

Practical guide for secure Christmas shopping. Navid Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security

More information

HIPAA and Health Information Privacy and Security

HIPAA and Health Information Privacy and Security HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient

More information

2013 Satisfaction Survey. How are we doing? Easier to Read Version

2013 Satisfaction Survey. How are we doing? Easier to Read Version 2013 Satisfaction Survey How are we doing? Easier to Read Version We asked people some questions about their support. Here is some of what people said and the changes we will make. That someone who knows

More information

Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined?

Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined? Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined? PRESENTED BY RICK SHAW, AWAREITY Webinar Objectives Employees (and third parties) are the weakest links Learn

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0

More information

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure Guide To Keeping Your Social Media Accounts Secure Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Internet Safety/CIPA Lesson Plan

Internet Safety/CIPA Lesson Plan Internet Safety/CIPA Lesson Plan Social Networking Overview Students need to safely use the Internet for learning, socializing, and for preparing for college and work. While firewalls, antivirus software,

More information

Overconfident Employees and the Lack of Email Security Tools Lead to Risky Business

Overconfident Employees and the Lack of Email Security Tools Lead to Risky Business White Paper Overconfident Employees and the Lack of Email Security Tools Lead to Risky Business A SilverSky Survey of Email Security Habits SilverSky 440 Wheelers Farms Road Suite 202 Milford CT 06461

More information

Security Awareness for Social Media in Business. Scott Wright

Security Awareness for Social Media in Business. Scott Wright Security Awareness for Social Media in Business Scott Wright Security Perspectives Inc COUNTERMEASURE 2012 10/29/2012 Copyright 2012. Security Perspectives Inc. 1 10/29/2012 Copyright 2012. Security Perspectives

More information

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc. Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

2015 Benchmark Survey State of Association Data Breach Preparedness Report

2015 Benchmark Survey State of Association Data Breach Preparedness Report 2015 Benchmark Survey State of Association Data Breach Preparedness Report Data is a critical component of an association s success. Membership data. Events data. Certification and other program data.

More information

DHHS Information Technology (IT) Access Control Standard

DHHS Information Technology (IT) Access Control Standard DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of

More information

Robert Hackworth, Chief Security Officer, KDE Office of Knowledge, Information & Data Services Division of Engineering and Management

Robert Hackworth, Chief Security Officer, KDE Office of Knowledge, Information & Data Services Division of Engineering and Management KSIS Beginning-of-Year Training, July 23 (Day 2), Chief Security Officer, KDE Office of Knowledge, Information & Data Services Division of Engineering and Management A belated thanks for coming! Because

More information

How to Evaluate Your 360 Feedback Efforts

How to Evaluate Your 360 Feedback Efforts IN THIS ARTICLE 360 Feedback How to Evaluate Your 360 Feedback Efforts By Kenneth M. Nowack, Jeanne Hartley, and William Bradley You can demonstrate results through this follow-up survey. Your training

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

DSS Monthly Newsletter

DSS Monthly Newsletter (Sent on behalf of ISR) Dear FSO, DSS Monthly Newsletter December 2012 This is the monthly email containing recent information, policy guidance, security education and training updates. If you have any

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security

More information

National Cybersecurity Awareness Campaign. Kids Presentation

National Cybersecurity Awareness Campaign. Kids Presentation National Cybersecurity Awareness Campaign Kids Presentation About Stop.Think.Connect. In 2009, President Obama asked the Department of Homeland Security to create the Stop.Think.Connect. Campaign to help

More information

McAfee S DO s AnD DOn ts Of Online Shopping

McAfee S DO s AnD DOn ts Of Online Shopping McAfee s Do s and don ts OF Online Shopping Table of Contents Foreword by Parry Aftab, 3 Online Safety Expert Online Shopping: The Real Deal 4 The DO s and DON Ts 5 Summary 17 Resources 18 Happy Online

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

The Basics of Internal Controls

The Basics of Internal Controls The Basics of Internal Controls Presented to: The Institute of Internal Auditors (IIA) Topeka Chapter April 7, 2009 Today s Objectives Provide Insight into Internal Controls! Risk and Fraud the basis for

More information

2012 Allied Workforce Mobility Survey: Onboarding and Retention

2012 Allied Workforce Mobility Survey: Onboarding and Retention About the 2012 Research The 2012 Allied Workforce Mobility Survey, conducted in March 2012, captures the voice of HR professionals on critical topics relating to workforce mobility, which is defined as

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

In a span of four years, the number of threats has multiplied

In a span of four years, the number of threats has multiplied TrendLabs So you ve decided it s time to get an antivirus for your computer. But with so many security solutions available, how do you choose what s best for you? You might be tempted to install a free

More information