Security Awareness – Essential Part of Security Management Ilze Murane
Agenda • Security management • Security awareness in organization • Security awareness for home user • Questions for discussion
ISF Standard • Information Security Forum • The Standard of Good Practice for Information Security • http://www.isfsecuritystandard.com
Security Management I • Management commitment • Security policy • Security organization • Information security function • Security awareness • Security classification • Ownership • Information risk analysis
Security Management II • Secure environment • Security architecture • Information privacy • Physical protection • Business continuity • Use of cryptography • Remote working
Security Management III • Malicious attack • Virus protection • Intrusion detection • Forensic investigations • Patch management • Management review • Security audit/review • Security monitoring
Security Awareness • Information security awareness is the degree to which every member of staff understands the importance of information security, their individual security responsibilities …and acts accordingly
Security Awareness in organization • Principle • Specific activities should be undertaken, such as a security awareness programme, to promote security awareness to all individuals who have access to the information and systems of the enterprise • Objective • To ensure all relevant individuals understand the key elements of information security and why it is needed, and understand their personal information security responsibilities
IT security lessons: example I • Passwords • Do not share passwords • Use ‘strong’ passwords • Don’t write passwords down
IT security lessons: example II • Viruses • Beware of viruses, particularly in e-mail attachments • Ensure that anti-virus software is installed and updated
IT security lessons: example III • E-mail and Internet use • Don’t send sensitive information over the Internet • Don’t publish your e-mail address on the Internet • Internet use must comply with corporate policies
Case study • Awareness “history” • IT security • Information security • Business Continuity Testing • Security including physical security • Regular seminars
From awareness to behaviour change • Security-positive behaviour should be encouraged by • making attendance at security awareness training compulsory • publicizing security successes and failures throughout the organization • linking security to personal performance objectives
Security Awareness for home user • No regulations • Personal risk experience • More electronic information • Internet banking • Everyone is on the Internet
Lessons for everybody • Main risks • Viruses • Spyware • Phishing • Spam • About • Safe e-mail usage • Safe internet browsing • Securing your computer
At school? • Other security (safety) • road traffic regulation • electricity (physics) • fire protection • IT security...
Questions? Discussion... ilze@latnet.lv
? • Does IT security concern everybody • How to educate society • Special software/game • What are our responsibilities • ...