1 / 9

SCOPE

SCOPE. ORGANISATIONAL CULTURE ORGANISATION MUST PROVIDE FOR INFORMATION SECURITY FAILING TO PLAN, IS PLANNING TO FAIL ASPECTS THAT SHOULD BE ADRESSED DURING SECURITY AWARENESS TRAINING QUESTIONS ?. AIM. TO DEMONSTRATE THE IMPORTANCE OF

derora
Download Presentation

SCOPE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SCOPE • ORGANISATIONAL CULTURE • ORGANISATION MUST PROVIDE FOR INFORMATION • SECURITY • FAILING TO PLAN, IS PLANNING TO FAIL • ASPECTS THAT SHOULD BE ADRESSED • DURING SECURITY AWARENESS TRAINING • QUESTIONS ?

  2. AIM • TO DEMONSTRATE THE IMPORTANCE OF • SECURITY AWARENESS IN ENHANCING THE • SECURITY MATURITY OF USERS

  3. IMPORTANCE OF SECURITY AWARENESS • ORGANISATIONAL CULTURE DETERMINES • IMPORTANCE OF INFORMATION SECURITY • ORGANISATION MUST PROVIDE FOR INFORMATION • SECURITY: • ENHANCE SECURITY KNOWLEDGE OF USERS • CHANGE ATTITUDE TOWARDS SECURITY • CHANGE BEHAVIOUR PATTERNS • HUMANS ARE THE WEAK LINK

  4. IMPORTANCE OF SECURITY AWARENESS • FORMAL TRAINING AND EDUCATION ADDRESS • KNOWLEDGE OF USERS • ATTITUDE AND BEHAVIOUR CHANGES COME • WITH UNDERSTANDING OF SECURITY RISKS • CULTURAL CHANGE WRT INFORMATION • SECURITY MUST BE ACHIEVED

  5. SECURITY AWARENESS TRAINING • SECURITY AWARENESS TRAINING SUCCESS • DEPENDS ON EFFECTIVE PLANNING. • AWARENESS TRAINING PROGRAM EXTREMELY IMPORTANT • MANAGEMENT APPROVAL MUST BE OBTAINED • FOLLOW A LIFECYCLE TO ENSURE CONTINUOUS IMPROVEMENT

  6. TYPICAL SECURITY AWARENESS TRAINING LIFECYCLE Threat assessment

  7. CONTENT OF SECURITY AWARENESS TRAINING • What are the threats ? • How to counteract identified threats • Passwords (use, compilation, changing, secrecy) • Preventing unauthorised access • Malicious code/countermeasures • E-mailing • Backup/DRPs • Use and safeguarding of removable data media • Use of “Freeware” • Theft prevention • Social engineering (dangers of social networks)

  8. Questions ??

More Related