Success Strategies for Security Awareness

Success Strategies for Security Awareness. Pamela Mitchell, MBA, MTM Secureworld Expo September 2011. Agenda: Security is Top Priority; Employees Are Your Biggest Challenge; Success Strategies for Security Awareness; Top Ten Tips; Summary & Final Thoughts; Questions.


Presentation Transcript


  1. Success Strategies for Security Awareness
     Pamela Mitchell, MBA, MTM Secureworld Expo September 2011

  2. Agenda
     • Security is Top Priority
     • Employees Are Your Biggest Challenge
     • Success Strategies for Security Awareness
     • Top Ten Tips
     • Summary & Final Thoughts
     • Questions

  3. Security is TOP Priority!
     • Everyone in the company has a security role and responsibilities to fulfill
     • Many security incidents are the result of lack of awareness and training
     • The threat from inside is real!
     • Regulatory requirements must be met

  4. Employees Are Your Biggest Challenge
     • The Risk
     • Too Many Gullible Users
     • The Human Security Dilemma

  5. Success Strategies (1 of 2)
     • Do Your Homework
     • Get It From The Top
     • Gather Your Allies
     • Watch Your Language
     • Streamline Communications

  6. Success Strategies (2 of 2)
     • Think Fun
     • Tell It Like It Is
     • Sign Off On The Same Page
     • Walk Your Talk
     • Metrics

  7. Top Ten Tips (1 of 2)
     • Identify a theme
     • Deliver the message early and often
     • Variety is the spice of (Security) Life
     • Use a tiered approach (Mgmt, IT, Users)
     • Get people to care about Security

  8. Top Ten Tips (2 of 2)
     • Celebrate Security Awareness Month in October
     • Perform Quarterly Walkthroughs
     • Develop a Monthly Newsletter
     • Create a Top Ten List and display
     • Mandatory online interactive training once a year

  9. End User Security Awareness Challenges
     • Identifying a theme, crafting a cohesive program, and repeat, repeat, repeat
     • Motivating users to take a personal interest in information security and convincing users to develop and maintain safer computer usage habits
     • Delivering a consistent message about the importance of information security
     • Giving end user security awareness a higher priority within organizations
     • Developing materials that deliver a clear message about security topics on a regular basis in a variety of ways

  10. Summary & Final Thoughts
      Security Awareness & Training Should Be Top Priority!
      ✓ Develop a comprehensive communication plan and deliver security information that users will view as being valuable to them personally and professionally
      ✓ Using multiple and appropriate communications, the message should be direct, concise and meaningful, and the call-to-action must be clear
      ✓ Initiatives should be endorsed at the top with the message cascading throughout the organization

  11. Resources and References
      • State and Federal Government
        • National Institute of Standards and Technology (NIST) Publication http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151287
        • Department of Homeland Security, CyberSecurity Training http://www.dhs.gov/files/training/cybersecurity.shtm
        • California Technology Agency, Office of Information Security http://www.cio.ca.gov/OIS/Government/library/training.asp
        • Multi-State Information Sharing and Analysis Center (MS-ISAC) http://msisac.cisecurity.org/resources/videos/

  12. Resources and References
      • Educational Institutions
        • University of Tennessee http://security.tennessee.edu/
        • University of California, Santa Cruz http://its.ucsc.edu/security/training/index.html

  13. Resources and References
      • Search Security
        • http://searchsecurity.techtarget.com/resources
      • Vendors
        • Microsoft, McAfee, Websense, Cisco, etc.

  14. QUESTIONS ???
