SCOPE
• ORGANISATIONAL CULTURE
• ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY
• FAILING TO PLAN, IS PLANNING TO FAIL
• ASPECTS THAT SHOULD BE ADDRESSED DURING SECURITY AWARENESS TRAINING
• QUESTIONS?
AIM
• TO DEMONSTRATE THE IMPORTANCE OF SECURITY AWARENESS IN ENHANCING THE SECURITY MATURITY OF USERS
IMPORTANCE OF SECURITY AWARENESS
• ORGANISATIONAL CULTURE DETERMINES IMPORTANCE OF INFORMATION SECURITY
• ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY:
  • ENHANCE SECURITY KNOWLEDGE OF USERS
  • CHANGE ATTITUDE TOWARDS SECURITY
  • CHANGE BEHAVIOUR PATTERNS
• HUMANS ARE THE WEAK LINK
IMPORTANCE OF SECURITY AWARENESS
• FORMAL TRAINING AND EDUCATION ADDRESS KNOWLEDGE OF USERS
• ATTITUDE AND BEHAVIOUR CHANGES COME WITH UNDERSTANDING OF SECURITY RISKS
• CULTURAL CHANGE WRT INFORMATION SECURITY MUST BE ACHIEVED
SECURITY AWARENESS TRAINING
• SECURITY AWARENESS TRAINING SUCCESS DEPENDS ON EFFECTIVE PLANNING.
• AWARENESS TRAINING PROGRAM EXTREMELY IMPORTANT
• MANAGEMENT APPROVAL MUST BE OBTAINED
• FOLLOW A LIFECYCLE TO ENSURE CONTINUOUS IMPROVEMENT
TYPICAL SECURITY AWARENESS TRAINING LIFECYCLE
[Figure: lifecycle diagram; only the label "Threat assessment" survives]
CONTENT OF SECURITY AWARENESS TRAINING
• What are the threats?
• How to counteract identified threats
• Passwords (use, compilation, changing, secrecy)
• Preventing unauthorised access
• Malicious code/countermeasures
• E-mailing
• Backup/DRPs
• Use and safeguarding of removable data media
• Use of “Freeware”
• Theft prevention
• Social engineering (dangers of social networks)