Employee Security Awareness. Tuesday, April 9, 2019. Louis Stramaglio, IT Ops Supervisor. What is the greatest vulnerability in your organization? Electronic Security Perimeter, IT Network, OT Network, Permissions, Physical Security. Are You Vulnerable? Employees, End users, Clients
Employee Security Awareness
Tuesday, April 9, 2019
Louis Stramaglio, IT Ops Supervisor

Are You Vulnerable?
What is the greatest vulnerability in your organization?
• Electronic Security Perimeter
• IT Network
• OT Network
• Permissions
• Physical Security

YES!
• Employees
• End users
• Clients
• Customers
• Contractors

Question
Does your company have an Employee Security Awareness Program?

IT Security Program
• Understand and comply with company security policies and procedures
• Be appropriately trained in the rules of behavior for the systems and applications to which they have access
• Work with management to meet training needs
• Keep end users aware of actions they can take to better protect their company’s information

Security Program Contents
1. Security Policies
  • Designed to protect the data
  • Business needs
  • Known risks
2. Define responsibilities
  • Who is responsible
  • Staff responsibilities
  • IT/Security responsibilities
3. Establish Processes
  • Monitor the program
  • Review results
  • IRP (Incident Response Plan)

Question
Do you believe your current Employee Security Awareness Program has Management Buy-in?

Management Buy-in
• Support
• Budget
• Reporting
• Feedback

What is Awareness?
• Not training
• Addresses concepts and behaviors
• Terminology
• Informational

Create the Awareness Plan
• Strategy and Plan
• Feedback from key groups
• Assess current materials
• Create a baseline
• Review current metrics
• Analysis of findings and recommendations
• Current trends
• Prioritize
• Schedule, but remain flexible
• Make it “So Number One”

We Are Done, Right?
Awareness

We Are Done, Right?
Awareness Training

Who Needs Training?
• End users
• IT
• Executives
• Everyone
• Training everyone equally doesn’t always mean training everyone the same way. Stay flexible

Where Does Training Come From?
• In-house
• LMS
• Outsource

NOW We Are Done, Right?
Awareness Testing & Education Training

Why Test Me?
• Measure your success
• Report your success to management
• Remember, stay flexible
• Prioritize weak points, add new content
• Continue the cycle

Participant Challenge
• Obtain Management buy-in
• Create your awareness plan based on your IT Security Program
• Generate a security baseline and prioritize
• Train everyone
• Test everyone
• Stay flexible and prioritize

Lou Stramaglio
IT Ops Supervisor
lstramaglio@wecc.org