2015 Information Security Awareness Catalogue



Similar documents
Nine Steps to Smart Security for Small Businesses

developing your potential Cyber Security Training

Egress Switch Best Practice Security Guide V4.x

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

A NEW APPROACH TO CYBER SECURITY

The Human Factor of Cyber Crime and Cyber Security

A practical guide to IT security

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER SECURITY, A GROWING CIO PRIORITY

<COMPANY> P01 - Information Security Policy

Physical Security Services

ISO Controls and Objectives

Cyber security Building confidence in your digital future

Global IT Security Risks

Data Access Request Service

CYBER SECURITY STRATEGY AN OVERVIEW

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

ISO27001 Controls and Objectives

National Cyber Security Month 2015: Daily Security Awareness Tips

NATIONAL CYBER SECURITY AWARENESS MONTH

CONSULTING IMAGE PLACEHOLDER

by: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy

Identify your future leaders with Kallidus Talent

The 2012/3 SA Cyber Threat Barometer. Craig Rosewarne

Information security controls. Briefing for clients on Experian information security controls

Smart Security. Smart Compliance.

Addressing Cyber Risk Building robust cyber governance

Promoting a cyber security culture and demand compliance with minimum security standards;

Qatar Computer Emergency Team

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Procuring Penetration Testing Services

UNIVERSITY BOARD SKILLS REVIEW MATRIX Page 1 of 5

Information Security Seminar 2013

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

SOMETHING PHISHY IS GOING ON!

Information Governance Policy

Deloitte Service Code: D-G6-L4-543 December 2014

Introduction to Cyber Security

(Instructor-led; 3 Days)

THE HUMAN COMPONENT OF CYBER SECURITY

An article on PCI Compliance for the Not-For-Profit Sector

Information Security It s Everyone s Responsibility

Information Governance Policy

KEY TRENDS AND DRIVERS OF SECURITY

Cybersecurity and Privacy Hot Topics 2015

How-To Guide: Cyber Security. Content Provided by

Cyber Security, a theme for the boardroom

RUAG Cyber Security. More security for your data

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

TELEFÓNICA UK LTD. Introduction to Security Policy

Qualifications for the Fire Sector

HealthCare Information Security and Privacy Practitioner (HCISPP) Briefing Paper. Piloted by the Cyber Security Programme

INFORMATION SECURITY AWARENESS & TRAINING PROGRAM

Data Protection Act Guidance on the use of cloud computing

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

Effective Software Security Management

Deception scams drive increase in financial fraud

HMG Security Policy Framework

MAXIMUM PROTECTION, MINIMUM DOWNTIME

Cybersecurity Protecting Yourself, Your Business, Your Clients

Executive Cyber Security Training. One Day Training Course

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Western Australian Auditor General s Report. Information Systems Audit Report

FINRA Publishes its 2015 Report on Cybersecurity Practices

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

Report on CAP Cybersecurity November 5, 2015

Cyber Security: from threat to opportunity

Estate Agents Authority

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

SECURITY. Risk & Compliance Services

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cybersecurity The role of Internal Audit

Third Party Security Requirements Policy

Information Security Program CHARTER

corporategovernance twothousandfourteen

JOB DESCRIPTION. Information Governance Manager

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

ENISA s ten security awareness good practices July 09

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Amcor Commercial Leadership Development Program

INFORMATION TECHNOLOGY SECURITY STANDARDS

BarnOwl. SA#Cyber# Opportunity &# Threat Landscape. Craig#Rosewarne# (Wolfpack#Information#Risk)

Guide 2 Organisational

Cyber security in an organization-transcending way

12 Questions to ask before beginning your website redesign

Transcription:

Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with our powerful Learning Management System (LMS) 18 Alert Africa - Our Public Initiative 20 About Us 22 Services Portfolio 23 Wolfpack 2015 Catalogue - Page 2 Wolfpack 2015 Catalogue - Page 3

2. ASSESS Wolfpack Engagement Model Predict Your Threats Internal External Industry Country Global RESEARCH & THREAT INTELLIGENCE 1. PREDICT SPECIALISED COLLABORATION PROJECTS Assess Your Vulnerabilities People Process Technology GOVERNANCE, RISK & COMPLIANCE ADVISORY SKILLS ASSESSMENTS TRAINING & AWARENESS PROGRAMMES 3. IMPROVE TALENT SOURCING & GRADUATE DEVELOPMENT Improve Your Defence Capability Wolfpack 2015 Catalogue - Page 4 Wolfpack 2015 Catalogue - Page 5

Campaign Drivers Creating an information security and privacy awareness and training programme is not a simple task. It can be very frustrating designing professional & engaging content. Remember - this is your brand to the business so it needs to look good! Providing your personnel with the security and privacy information they need, and ensuring they understand and follow the requirements, is a vital component to protecting your organisation, staff, trading partners & customers. Key Requirements: The need for a global awareness / culture campaign focusing on the protection of personal and confidential information Understanding of global and organisational stakeholder requirements The campaign must have impact & defined key performance / goal indicators Wolfpack Risk have established a comprehensive portfolio of training and awareness offerings. Research & Threat Intelligence Reports Programme Maturity Improvement Content Development Simulation, Animated Video & Cartoon Solutions Phishing & Social Engineering Assessments Governance, Risk Management & Compliance Curriculum Curriculum Forensics Curriculum Audit Curriculum Software Curriculum Wolfpack 2015 Catalogue - Page 6 Wolfpack 2015 Catalogue - Page 7

Offerings Approach SOLUTIONS Project Management Confidentiality Management Social Engineering Assessments Human Vulnerability Assessments The continual growth of regulatory requirements, complex business operations and increase in cyber threats demand a well thought-out and implemented approach to information risk management. Wolfpack Risk has extensive experience in this sector and draws considerable input from our Research, Threat Intelligence and Advisory units to offer a comprehensive awareness solution. Executive Cyber Vulnerability Assessments Grey Wolf Assessment And Learning Platform CONTENT Animated Video Series: 5 Privacy 7 Custom Development Posters / Cartoons / Screensavers Easy Policy Communicator Cybercrime Survival Guide & Induction Programme Simulations Interactive Sessions Phase 1: Plan Validate context and requirements for global awareness / culture campaign focusing on the protection of secret and confidential information Business Requirements Analysis Defined scope of work & campaign success factors Define stakeholder requirements for secret and confidential information leakage and relevant threat intelligence sources per location / industry Stakeholder Change Management The stakeholder change management framework will include a stakeholder matrix, change communication plan, key project metrics and content customisation / development blueprint Phase 2: Build Understand training and awareness requirements Executives Management Create Tailored Programme rollout programme for defined audience groups per region Tailored skills transfer programme for regional project champions Phase 3: Run Conduct pilot / full training and awareness programme Users and Third Parties Wolfpack 2015 Catalogue - Page 8 Wolfpack 2015 Catalogue - Page 9

Engaging Content Posters Protecting Personal Protecting Business Privacy Privacy POPI Compliance POPI Compliance POPI Compliance Protection of Personal Act Protection of Personal Act Protection of Personal Act Module 2 Module 1 Screensavers Interactive Simulations Module 3 Cybercrime Cyber Threat Password Safety & Account Management Cloud & Third Party Risks Protecting Your Family Social Engineering Employee & Contractor Risks Videos Cartoons Wolfpack 2015 Catalogue - Page 10 Wolfpack 2015 Catalogue - Page 11

Stakeholder Change Management Bundles Identify Stakeholders Starter Pack A fantastic way to enhance your organisation s awareness programme with professionally branded & engaging material. Objective What is included? 4 x Animated Videos (Cyber Threats / Social Engineering / PoPI / Privacy) 4 x Posters + Cartoons Training Workshop at Wolfpack offices Access to Cyber Pack Interest Group *All Starter Pack materials are Wolfpack branded. Message Add Add Add Medium Frequency Communicator Performance Metric Premium Pack Access Wolfpack s full range of awesome awareness content. Includes: All 12 x & Privacy Animated Videos (with more coming soon) Professional Posters, Screensavers & Cartoons Programme Toolkit (APT) to run strategy, comms, budget & more Grey Wolf LMS (Learning Management System) Run both & Training campaigns on one system Assess skills, track performance & compliance of all users Use either Wolfpack cloud system or implement in-house with full support *Includes local installation, initial setup, training & monthly telephonic support. Other Services Phishing & Executive Threat Assessments Easy Policy Communicator Induction, User & Executive Workshops Customisation Full Customisation of all our material available We can also create your own videos, posters, cartoons, banners, stickers & more Wolfpack 2015 Catalogue - Page 12 Wolfpack 2015 Catalogue - Page 13

Content POPI Compliance Modules The awareness content can be divided into two areas, namely and Privacy. Privacy Content Protecting Personal Looks at POPI and how it affects the protection of personal information, delivers the following key messages: Exercise caution when sending emails containing sensitive information follow corporate guidelines Report any security incident promptly to your Department s Privacy or Team Protect the data you are handling as if it was your own Do not leave any confidential files or information in plain sight it s not yours to share. Protecting privacy is everyone s responsibility Protecting Business Privacy Identifies the implications that POPI has on business, delivers the following key messages: POPI aligns with the organisation s strategic focus to place the customer at the core of our business We wish to empower our staff to instill a culture of compliance with respect to the privacy and protection of our customer information Privacy protection is not a project with a start and end it is an attitude and approach that needs to be woven into the culture of the organisation POPI Compliance Module 1 Addresses the first three principles of POPI i.e. Accountability, Quality and Safeguards, the following key messages are delivered: You cannot outsource accountability be careful about who has access to personal information Maintain data quality Always ensure our information is up to date and complete Always ensure personal information is protected We are not just dealing with 1s and 0s. It s people s lives POPI Compliance Module 2 Addresses the following principles of POPI: Processing limitation, Purpose Specification and Further Processing Limitation. The following key messages are delivered: Respect the privacy of your client s personal information Always keep in mind the original reason for obtaining a client s personal information Innovation is encouraged but not at the expense of our client s right to privacy POPI Compliance Module 3 Addresses the following principles of POPI: Openness and Data Subject Participation.The following key messages are delivered: Ensure you are always open and honest with your clients regarding your intentions with their personal information Your clients have the right to question our management of their personal information Wolfpack 2015 Catalogue - Page 14 Wolfpack 2015 Catalogue - Page 15

Content Content Cybercrime Identifies the different types of cybercrime tactics employed by cybercriminals to exploit their victims. Delivers the following key messages: Perform background checks on new employees Don t use unauthorised software or media Protect both company and personal information You are a target for cyber criminals don t become the next victim Cyber Threat Provides an overview of the different cyber threats. Delivers the following key messages: The different cyber threats focusing on Cyber Warfare, Cyber Espionage and Cyber Crime Implications of cyber threats Password Safety and Account Management Highlights the importance of keeping passwords safe and secure. Delivers the following key messages: Protecting Your Family Highlights the threats faced by children when using the Internet and social media. Delivers the following key messages: Make sure you verify the details of who you are talking to online Never agree to meet up with someone you met online without your parents knowing If you do agree to meet the person, at least take someone you trust with you to the first meeting Ensure all family computers are in open view and are loaded with Parental Control Software The internet is a wonderful tool to use, as long as it issued responsibly Social Engineering Identifies the social engineering tactics used by cyber criminals. Delivers the following key messages: Always ask for identification from anyone entering your premises, do not allow tailgating Be cautious of what corporate and employee information is on social media sites Ensure that confidential information is shredded before disposal to bins accessible by the public Do not allow anybody in without some identification being in a hurry is no excuse Cloud and Third Party Risks Identifies the risks involved in using cloud and third party services. Delivers the following key messages: Think twice when you want to store sensitive data in the cloud and assess the impact if this data is exposed Maintain a local backup copy of your important data in case the service provide is offline Ensure the service provider has protection agreements in place Understand where your data is hosted and whether this impacts any privacy requirements Cloud computing offers an effective data solution, as long as you choose your provider wisely. Passwords must be a combination of upper and lower case letters, at least one special character and number Passwords must be a minimum of 7 characters and not exceed 30 characters Never write passwords down The same character should not be used consecutively You are a target for cyber criminals don t become the next victim Employee and Contractor Risks Identifies the risks of not doing thorough background checks on employees and contractors. Delivers the following key messages: Background verification checks on all candidates for employment and contractors should be carried out roles and responsibilities should be defined and clearly communicated to job candidates during the pre-employment process All employees and contractors who are given access to sensitive information should sign a confidentiality or non-disclosure agreement prior to being given access All employees and contractors should return all of the organisation s assets in their possession upon termination of their employment or contract Your company is a target for man risks don t risk the lives of your family and your employees Wolfpack 2015 Catalogue - Page 16 Wolfpack 2015 Catalogue - Page 17

Grey Wolf -Track compliance with our powerful Learning Management System (LMS) Course Home User Friendly Interfaces Track Student Progress Question Statistics Rewards Wolfpack 2015 Catalogue - Page 18 Wolfpack 2015 Catalogue - Page 19

Alert Africa - Our Public Initiative The Alert Africa website aims to educate the average internet users about differnt cyber threats that exists online, provides useful tips on how to not become a victim as well as where to report cybercrime to. http://www.alertafrica.com The goal of the Cybercrime Survival Guide is to firstly raise awareness of the potential cyber risks you may face and to provide you with a non-technical approach to PROTECT yourself online. The guidance offers valuable tips for cloud users, personal computers and mobile devices to ensure that your own private and financially sensitive information is kept safe. You don t have to be a computer guru to use this guide. https://www.wolfpackrisk.com/awareness_docs/cybercrime_survival_guide.pdf Wolfpack 2015 Catalogue - Page 20 Wolfpack 2015 Catalogue - Page 21

About Us Services Portfolio Trusted information risk advisors to a growing base of government and private sector clients. We offer cutting-edge research & threat intelligence, professional advisory, custom training & awareness programmes. Level 2 BBBEE contributor Training IT Governance, Risk, Cyber & Privacy Training Foundation Intermediate Advanced Graduate Development Programme Talent Management Specialist Governance, Risk and Compliance Recruiting Co-Sourcing and Outsourcing Skills and Competency Assessments Research and Threat Intelligence Cyber Threat Intelligence Reports Local & Industry Analysis Quarterly Cybershield Publications Executive Threat Assessments Phishing Assessments Grey Wolf Assessment & Learning Platform Animated Video Poster Cartoon Series Advisory IT Governance, Risk, Cyber & Privacy Consulting Vulnerability & Threat Assessments ISO 27001 Certification ISO 27001 Certification https://www.wolfpackrisk.com Wolfpack 2015 Catalogue - Page 22 Wolfpack 2015 Catalogue - Page 23