Oct 29 th, 2013 Importance of Security Awareness training John Ecken



Similar documents
Intro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits

Protecting personally identifiable information: What data is at risk and what you can do about it

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Security Management Practices. Keith A. Watson, CISSP CERIAS

privacy and security training that makes people remember and care

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Privilege Gone Wild: The State of Privileged Account Management in 2015

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Concordia University College of Alberta. Master of Information Systems Security Management (MISSM) Program Ada Boulevard, Edmonton, AB

Privilege Gone Wild: The State of Privileged Account Management in 2015

Healthcare and IT Working Together KY HFMA Spring Institute

Customer-Facing Information Security Policy

Security Controls What Works. Southside Virginia Community College: Security Awareness

PCI DSS 3.0 Changes & Challenges P R E S I D E N T/ C O - F O U N D E R F R S EC U R E

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

IT SECURITY POLICY (ISMS 01)

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

UBC Incident Response Plan

Meeting the Information Security Management Challenge in the Cyber-Age


Healthcare Insurance Portability & Accountability Act (HIPAA)

information systems security policy...

Executive Management of Information Security

5 IT Security Planning and Practice

How To Check If A System Is Secure

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

2015 Benchmark Survey State of Association Data Breach Preparedness Report

Information Security Awareness Training. Course Outline. Provides a brief orientation to the topics covered in the module.

Presented by Frederick J. Santarsiere

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

Brainloop Cloud Security

SCAC Annual Conference. Cybersecurity Demystified

Policy Title: HIPAA Security Awareness and Training

Are You Ready for PCI 3.1?

Information Security Policy

4 Ways an Information Security Analyst Improves Business Productivity

Business Case. for an. Information Security Awareness Program

Security Management. Keeping the IT Security Administrator Busy

Developing National Frameworks & Engaging the Private Sector

Information Security Addressing Your Advanced Threats

Professional Services Overview

Cal Poly PCI DSS Compliance Training and Information. Information Security 1

DEPARTMENT OF MEDICAL ASSISTANCE SERVICES VULNERABILITY ASSESSMENT AND NETWORK PENETRATION TEST FEBRUARY 2007

Next. CDS 2015 Survey Module 7 Information Security Survey Errata

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Initial Cyber Security Briefing

2012 NCSA / Symantec. National Small Business Study

Next. CDS 2015 Survey Module 7 Information Security Survey Errata

Data Management & Protection: Common Definitions

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Caldwell Community College and Technical Institute

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Publication Number: Third Draft Special Publication Revision 1. A Role Based Model for Federal Information Technology / Cyber Security Training

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Student Laptop User Charter

Guide for the Role and Responsibilities of an Information Security Officer Within State Government

REAL LEAKS INVOLVE PRIVILEGED STAFF HOW TO PREVENT SENIOR AUTHORISED STAFF FROM STEALING INFORMATION?

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

Second Annual Benchmark Study on Patient Privacy & Data Security

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

The Top Ten of Information Security - For 2015

Presented by Evan Sylvester, CISSP

Cyber Security Threats

Data Security: Fight Insider Threats & Protect Your Sensitive Data

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Ed McMurray, CISA, CISSP, CTGA CoNetrix

ULH-IM&T-ISP06. Information Governance Board

GUIDE TO IMPROVING INFORMATION SECURITY IDENTIFYING WEAKNESSES & STRENGTHENING SECURITY

The Practical Guide to HIPAA Privacy and Security Compliance

Data Security and Identity Management

Privacy and Security Awareness, Education and Training Policy

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Wright State University Information Security

NC DPH: Computer Security Basic Awareness Training

Tasmanian Government Information Security Framework

Cybersecurity: Protecting Your Business. March 11, 2015

So the security measures you put in place should seek to ensure that:

Revision Date: October 16, 2014 Effective Date: March 1, Approved by: BOR Approved on date: October 16, 2014

Chapter 1 The Principles of Auditing 1

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

F G F O A A N N U A L C O N F E R E N C E

Richard Gadsden Information Security Office Office of the CIO Information Services

10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group

How To Understand The Security Posture Of Home Internet Users In Australia

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

Spyware Meets HIPAA. by Kate Borten, CISSP, CISM Webroot Software 1

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Balancing Cloud-Based Benefits With Security. White Paper

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

Vulnerability Assessment & Compliance

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

SECURITY CONSIDERATIONS FOR LAW FIRMS

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

ADMINISTRATIVE POLICY # (2014) Information Security Roles and Responsibilities

Information Security Incident Management Policy

Transcription:

Oct 29 th, 2013 Importance of Security Awareness training John Ecken

WELCOME About Me What is Security Awareness? Importance of Security Awareness What should be included in a Security Awareness program Types of Security Awareness programs Follow Me

Background Born in Louisville, KY 20+ years in IT Extensive IT training and consulting background CISSP / HIPAA Consultant

WHAT IS SECURITY AWARENESS Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and especially, information assets of that organization. Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the institution (information, physical, and personal) by trying to stop that from happening.

WHAT IS SECURITY AWARENESS Confidentiality Security Traid Integrity Availability

WHY IS SECURITY AWARENESS IMPORTANT The behavior of employees with access to data affects information systems and assets. Security can't be guaranteed. The human factor (what employees do or don't do) is the biggest threat to information systems and assets.

WHO NEEDS SECURITY AWARENESS All users security basics Executives security basics and policy level training in security planning and management Program and functional managers security basics and management and implementation level training in security planning and system/application security management, system/application life cycle management, risk management, and contingency planning.

WHO NEEDS SECURITY AWARENESS Chief Information Officers (CIOs), IT security program managers, auditors, and other security-oriented personnel (e.g., system and network administrators, and system/application security officers) security basics and broad training in security planning, system and application security management, system/application life cycle management, risk management, and contingency planning. IT function management and operations personnel security basics; management and implementation level training in security planning and system/application security management, system/application life cycle management, risk management, and contingency planning.

BENEFITS OF AWARENESS Provide better protection for assets Improve morale Save money Give your organization a competitive advantage and protect and enhance your organization's reputation and brand Reduce the potential for fines and mandatory audits Reduce the potential for lawsuits against your organization

WHAT SHOULD BE INCLUDED IN MY PROGRAM Topics should consist of existing organizational policies and procedures and industry best practices These topics will help employees understand why security awareness is important and guide them in knowing how to prevent incidents from happening and what to do if one occurs.

WHAT SHOULD BE INCLUDED IN MY PROGRAM Physical Security Desktop Security Wireless Networks and Security Password Security Phishing Hoaxes Malware File Sharing and Copyright

TYPE OF AWARENESS PROGRAMS Classroom-Style Training Security Awareness Website helpful Hints Posters Emails Promotions E-Learning Hybrid Approach

PROGRAM BEST PRACTICES Documented. Widely accepted. Developed by knowledgeable bodies. In compliance with existing laws and regulations. Effective at providing reasonable assurance of desired outcomes. Continually reviewed and improved upon.

FOLLOW ME www.twitter.com/johnecken www.twitter.com/training4it www.linkedin.com/in/johnecken http://www.linkedin.com/company/tandem-solution jecken@training4it.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information