Training and Awareness


Training and Awareness Services Overview
JANUS Associates, Inc.
1055 Washington Boulevard, Stamford, CT 06901
203-251-0200
matthewl@janusassociates.com

Providing your employees with information technology security awareness training is your best defense against the number one cause of data breaches: social engineering.

Social engineering is the number one cause of data breaches. These breaches continue to increase in frequency even though most organizations have invested heavily in network security devices; those devices have not stopped the breaches. Hackers have found that the weakest link in an organization is its people. As such, your employees, not your technology, are most often the first target of an attacker. Empower your employees and make them your first line of defense by making sure they are properly trained to spot today's attack methods.

Cybercriminals are increasingly using social engineering to gain an undetected foothold within business and government networks. Stolen credentials obtained by social engineers are used in four out of five breaches, regardless of whether the attack was driven by financially motivated cybercriminals, nation-state cyber espionage, or hacktivists.

95 percent of data breaches were a result of social engineering of employees. Tactics used include phishing attacks, stolen credentials, media drops, and physical exploits such as tailgating.

Solution

What can you do to minimize these intrusion risks and improve your odds of avoiding a breach? Through vastly improved employee awareness training you have an increased chance of thwarting an attack. The goal of an awareness program should go beyond simply meeting compliance requirements for training and awareness and getting staff to comply with your policies. A broader goal should be to change the culture of your organization, bringing focus to the importance of active information security and getting buy-in from end users to serve as an added layer of defense against security threats.
Traditional training is typically rolled out to employees once a year, but studies show that the knowledge is often forgotten within ninety days. How do you bolster this first critical line of defense? The answer is to use focused security training and to train more often, in small bursts, with relevant and timely information. The JANUS method trains your employees more effectively with monthly ten-minute, highly focused, bite-sized modules that employees can quickly absorb. This, in turn, fosters greater topic understanding, better comprehension, and longer retention of your data security policies and procedures. Monthly reinforcement keeps security knowledge fresh in employees' minds and allows current topics of importance to be brought quickly to your staff as new threat vectors emerge.

75 percent of breaches took weeks to months to discover; only 25 percent were discovered in a day or less. 76 percent of breaches were tied to stolen passwords, and 70 percent of breaches were discovered by external parties, not internal administrators.

JANUS data security awareness training is designed to reinforce industry best practices, and it can easily and cost-effectively be customized to reflect your specific policies and procedures. The JANUS system is often used for more than breach prevention. It also helps employees understand their responsibilities regarding electronic protected health information (ePHI) and personally identifiable information (PII), and supports compliance with regulations and standards such as PCI DSS (payment cards), FISMA (federal), HIPAA (healthcare), NERC CIP (utilities), ISO (international), FFIEC (financial), and many others. Modules can be customized to focus on each specific regulation or standard (or a combination) that applies directly to your organization, leaving no doubt as to which controls staff are to adhere to. The baseline course is comprised of multiple modules, includes non-threatening quizzes, and supplies you with management metrics that reflect quiz scoring and course completion by each employee. Metrics are generated as audit-quality artifacts to help you meet your regulatory compliance requirements.
Continuing education credit from recognized industry organizations is available to those requiring it, and all who successfully complete the course are awarded a certificate of completion.

Best Practice Modules Available for Lease

JANUS Associates provides six industry-standard, best-practice training and awareness modules for lease. These can be licensed quickly and hosted either by JANUS or by you, and can be customized to include your logo for an additional fee. The following packages are available for immediate purchase.

Information Security
  - Information Security is Every Employee's Responsibility
  - How a Hacker Steals Your Information
Social Engineering
  - What is a Social Engineering Attack?
  - How to Recognize and Avoid Phishing Attacks
Credential Management
  - Protecting Your Password
  - How to Make a Good Password
Confidentiality
  - How to Protect Your Privacy
  - How to Prevent Identity Theft
Acceptable Use of Electronic Devices
  - Internet, Email, and Company Computers
  - Removable Media (USBs, CDs, DVDs)
  - Mobile Devices, Laptops and Remote Access
Workplace Security
  - Account Management
  - Physical Security: visitor access, no piggybacking, clean desk policy

The JANUS Training System

Three service levels of training are provided by JANUS to meet your regulatory compliance, IT security/privacy requirements and general training needs. These levels allow our clients to tailor their training and awareness solution to the specific needs of their industry and size. For each of the three service levels, four options exist with respect to hosting, branding, and course length.

Best Practices
Most off-the-shelf information security training available today is prepared by one of two types of organizations: either a specialist training company or a security practitioner who works as a lone consultant and offers generic classes to large businesses and governments. Per employee, these are the least expensive choice. However, our current state of security readiness attests that these methods are seriously lacking in capability and preparation. They are therefore most likely the most expensive form of education available, since their outcome value is low and breaches continue to skyrocket. You are literally spending with no return on investment except to report to your regulating agencies that you held a class. At JANUS, generic training modules are available from information security experts who understand the specific regulations that apply to multiple industries. These are built into the modules and are available on a per-user basis. Examples include Avoiding Tailgating, Identifying a Phishing Attack, and Handling Removable Media.

Customized
In many industries it is important for your employees to understand your specific information security policies and procedures to avoid serious problems. For this growing need, JANUS security experts will review your organizational policies and procedures and tailor a set of training modules specific to you and branded with your logo, business acronyms, and terms. This structure lets your staff see that your business understands the importance of security and that you want to reinforce your commitment to its principles. Such tailoring avoids generalities and ensures that your message comes across, increasing your training benefits.

Instructor Led
For users who require specific instruction in the classroom, JANUS will develop a customized classroom experience based on your specific needs. As in the previous examples, experts in information security and training will work with you to build a storyboard for you to review. Upon your approval, they will build your class and review it with you prior to finalization.

JANUS has a variety of structures for undertaking this level of training, including slides, videos, tests, and laboratories, amongst others. These training levels are illustrated by the horizontal bars in the figure below.

[Figure: JANUS LMS Methodology. Rows (training levels): Best Practices, Customized, Instructor Led. Columns (delivery options): Hosted by JANUS, Hosted by Client; Modular, Complete.]

The vertical components in the figure above illustrate the various methods you can choose to carry out your information security training. Would you like JANUS to host the training environment, or might you want to host it yourself? Either is available. Do you want to select modular elements with which to train your people, or would you prefer a longer classroom period of specialized education? Because JANUS has been performing information security consulting and training for over 25 years, we understand what is relevant and what is not. We also regularly update our materials to meet changes in laws and regulations, to incorporate new threats and concepts, and to freshen the materials. These are all very important elements in training your people well, but they are often lacking.

General Training and Awareness Pricing

Each engagement is priced specifically for the client. However, there are a few variables which impact the total cost of a training engagement.

Hosting Model: If you decide to host your own LMS, you are charged only for licensing and development of the training package. If JANUS hosts the solution, hosting costs apply.

Level of Customization: Even in a customized solution, JANUS can commonly reuse portions of its best-practice modules. This can reduce costs to you.

Instructor Led: The number of instructor-led hours can increase cost.

The following model illustrates the cost relationship of each type of training to the others.

[Figure: cost model. Training types: Best Practices, Customized, Instructor Led; delivery: Modular, Complete; hosting: Self Hosted, Hosted by JANUS; plus Preparation.]

Speak with a JANUS security professional and find out what the true value of IT security awareness training is to you and your organization.

JANUS Associates, Inc., 1055 Washington Boulevard, Stamford, CT 06901, 203-251-0200, www.janusassociates.com