Security Awareness
Security Awareness – Essential
Part of Security Management
Ilze Murane
Agenda
Security management
Security awareness in organization
Security awareness for home user
Questions for discussion
ISF Standard
Information Security Forum
The Standard of Good Practice for
Information Security
http://www.isfsecuritystandard.com
Security Management I
Management commitment
Security policy
Security organization
– Information security function
– Security awareness
– Security classification
– Ownership
– Information risk analysis
Security Management II
Secure environment
– Security architecture
– Information privacy
– Physical protection
– Business continuity
– Use of cryptography
– Remote working
Security Management III
Malicious attack
– Virus protection
– Intrusion detection
– Forensic investigations
– Patch management
Management review
– Security audit/review
– Security monitoring
Security Awareness
Information security awareness is the degree to which every member of staff understands the importance of information security and their individual security responsibilities … and acts accordingly.
Security Awareness in organization
Principle
– Specific activities should be undertaken, such as a security awareness programme, to promote security awareness to all individuals who have access to the information and systems of the enterprise
Objective
– To ensure all relevant individuals understand the key elements of information security and why it is needed, and understand their personal information security responsibilities
IT security lessons: example I
Passwords
– Do not share passwords
– Use ‘strong’ passwords
– Don’t write passwords down
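The "use strong passwords" lesson is easier to teach when people can see what a password policy actually checks. The following script is an added example written for this transcript; it is not part of the original presentation. The thresholds (12 characters minimum, three of four character classes, a passphrase exemption at 20 characters) and the tiny common-password list are assumptions chosen for illustration.

```python
"""Password policy check illustrating the 'strong password' lesson.

Added example for this transcript, not part of the original presentation.
All rule thresholds and the deny list are assumptions chosen for illustration.
"""
import string

# Constructed, deliberately tiny list of common passwords; a real deployment
# would use a breach-derived list with millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 12          # assumed policy value
MIN_CLASSES = 3          # assumed: at least three of lower/upper/digit/symbol
PASSPHRASE_LENGTH = 20   # assumed: passwords this long are exempt from the class rule


def character_classes(password: str) -> int:
    """Count how many of the four character classes appear in the password."""
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes)


def has_long_repeat(password: str, limit: int = 3) -> bool:
    """True if one character repeats more than `limit` times in a row (e.g. 'aaaa')."""
    run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if cur == prev else 1
        if run > limit:
            return True
    return False


def password_problems(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Long passphrases are accepted on length alone; composition rules only
    # apply to shorter passwords.
    if len(password) < PASSPHRASE_LENGTH and character_classes(password) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if has_long_repeat(password):
        problems.append("contains a long run of one repeated character")
    return problems


def is_strong(password: str) -> bool:
    """Convenience wrapper: True when no policy rule is violated."""
    return not password_problems(password)


if __name__ == "__main__":
    # Constructed sample candidates for a classroom demonstration.
    for candidate in ["password", "Welcome1", "correct horse battery staple",
                      "T4bl3-Lamp!river", "a" * 24]:
        print(repr(candidate), "->", password_problems(candidate) or "OK")
```

Two design points worth raising in a seminar: "Welcome1" satisfies the character-class rule yet fails because it sits on the common-password list, which is why a deny list matters more than composition rules; and the passphrase exemption avoids rejecting long, memorable phrases that composition-only rules would wrongly flag as weak. Current guidance such as NIST SP 800-63B likewise favours length and deny-list screening over mandatory character mixes.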
IT security lessons: example II
Viruses
– Beware of viruses, particularly in e-mail attachments
– Ensure that anti-virus software is installed and updated
IT security lessons: example III
E-mail and Internet use
– Don’t send sensitive information over the Internet
– Don’t publish your e-mail address on the Internet
– Internet use must comply with corporate policies
Case study
Awareness “history”
– IT security
– Information security
– Business Continuity Testing
– Security including physical security
Regular seminars
From awareness to behaviour change
Security-positive behaviour should be encouraged by
– making attendance at security awareness training compulsory
– publicizing security successes and failures throughout the organization
– linking security to personal performance objectives
Security Awareness for home user
No regulations
Personal risk experience
More electronic information
– Internet banking
Everyone is on the Internet
Lessons for everybody
Main risks
– Viruses
– Spyware
– Phishing
– Spam
About
– Safe e-mail usage
– Safe internet browsing
– Securing your computer
At school?
Other security (safety)
– road traffic regulation
– electricity (physics)
– fire protection
IT security...
Questions?
Discussion...
[email protected]
?
Does IT security concern everybody?
How do we educate society?
Special software/games?
What are our responsibilities?
...