SCOPE

SCOPE • ORGANISATIONAL CULTURE • ORGANISATION MUST PROVIDE FOR INFORMATION • SECURITY • FAILING TO PLAN, IS PLANNING TO FAIL • ASPECTS THAT SHOULD BE ADRESSED • DURING SECURITY AWARENESS TRAINING • QUESTIONS ?

AIM • TO DEMONSTRATE THE IMPORTANCE OF • SECURITY AWARENESS IN ENHANCING THE • SECURITY MATURITY OF USERS

IMPORTANCE OF SECURITY AWARENESS • ORGANISATIONAL CULTURE DETERMINES • IMPORTANCE OF INFORMATION SECURITY • ORGANISATION MUST PROVIDE FOR INFORMATION • SECURITY: • ENHANCE SECURITY KNOWLEDGE OF USERS • CHANGE ATTITUDE TOWARDS SECURITY • CHANGE BEHAVIOUR PATTERNS • HUMANS ARE THE WEAK LINK

IMPORTANCE OF SECURITY AWARENESS • FORMAL TRAINING AND EDUCATION ADDRESS • KNOWLEDGE OF USERS • ATTITUDE AND BEHAVIOUR CHANGES COME • WITH UNDERSTANDING OF SECURITY RISKS • CULTURAL CHANGE WRT INFORMATION • SECURITY MUST BE ACHIEVED

SECURITY AWARENESS TRAINING • SECURITY AWARENESS TRAINING SUCCESS • DEPENDS ON EFFECTIVE PLANNING. • AWARENESS TRAINING PROGRAM EXTREMELY IMPORTANT • MANAGEMENT APPROVAL MUST BE OBTAINED • FOLLOW A LIFECYCLE TO ENSURE CONTINUOUS IMPROVEMENT

TYPICAL SECURITY AWARENESS TRAINING LIFECYCLE Threat assessment

CONTENT OF SECURITY AWARENESS TRAINING • What are the threats ? • How to counteract identified threats • Passwords (use, compilation, changing, secrecy) • Preventing unauthorised access • Malicious code/countermeasures • E-mailing • Backup/DRPs • Use and safeguarding of removable data media • Use of “Freeware” • Theft prevention • Social engineering (dangers of social networks)

Questions ??

SCOPE

SCOPE

Presentation Transcript

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope

Scope