Tips to Manage Information Security with Training

To download: http://bit.ly/13VWFoj

Here is the presentation on Tips to Manage Information Security with Training. The presentation gives handy tips on using training to ensure data security and information security within the organization.

Published in: Education, Technology
  • Welcome to the presentation on “Tips to Manage Information Security with Training”
  • Did you know that
  • about 93% of large organizations surveyed in the UK experienced a security breach in 2012, costing them anywhere between 450 thousand and 850 thousand pounds?
  • Statistics from other parts of the world are no different. 85% of large companies and federal agencies in the US have been victims of security breaches. Companies in the US lose anywhere from $1.6 to $46 million per year due to cybercrime and data breaches.
  • How do the security breaches that cause such huge losses to organizations happen?
  • Typical threats to information security come in the form of viruses, malware, trojans etc. Employee practices can result in serious compromise of data security. Laptops, smartphones and other mobile devices containing sensitive data can be stolen. SQL injection, phishing, cyber terrorism or espionage, and social engineering are other forms that have come to light in recent times.
  • Billions are spent towards internet security technology by organizations, but not much thought is given to the human element.
  • In most cases, it is NOT the technology that is to be blamed. It is said that 75% of security breaches are committed by employees within the organization - either knowingly or unknowingly.
  • 39% of data breaches happen simply because of negligence by employees or lack of awareness.
  • Organizations cannot afford to incur huge losses due to information breaches and cyber-attacks. What can organizations do to avert this adversity?
  • They need to take all measures possible to contain the situation. One of the key measures is Information Security Awareness Training. Let’s see some key aspects to be kept in mind with respect to IT security training.
  • Research has shown that companies that have taken the initiative to conduct an IT security awareness program within their organization have reported a 75% decrease in data loss through insider attacks.
  • Employees need to be educated that security breaches harm them, as much as their organization. Training helps employees understand that it is in their interests as much as that of the organization to follow security precautions.
  • It is only through regular and persistent training efforts that organizations can bring about behavior change in the employees. Training ensures positive reinforcement of the need for IT security.
  • Information security is not the responsibility of just the information security managers. Training ensures each and every employee is committed to it.
  • Now that we know the importance of conducting IT security awareness training, let’s see the key topics to be covered during training. This list can be customized based on your individual situation. Let’s briefly review each one of them.
  • Physical security involves routine security practices such as locking the doors, desks or file cabinets and drawers, ensuring that sensitive data is never left unattended
  • Desktop security involves simple practices such as setting a desktop password and locking the computer when away from the workstation. It also covers the importance of adhering to organizational practices such as taking daily or weekly back-ups, depending on the company’s policy.
  • Though seemingly mundane, password security training is essential to ensure employees set up strong and secure passwords or passphrases that are difficult to crack.
  • Wireless network security training addresses the insecure nature of wireless networks and enables employees to exercise caution and secure their laptops against the dangers of ‘sniffing’.
  • Employees need to be sensitized about the dangers of clicking on links provided in an e-mail or submitting bank details via e-mail, as these practices could make them vulnerable to Phishing.
  • You need to inform your employees about the organization’s policy on file sharing and copyright violations. An employee could send sensitive data to a home computer, or allow others to use his or her laptop to surf the internet. Security precautions to be taken in such instances are very valuable.
  • Another important aspect employees need to know is how to identify a threat and report it to the concerned authority for action. Timely action can save the organization huge sums of money.
  • What are the methods one can adopt to ensure effective information security awareness? You need to adopt multiple methods of training for the information to “stick” and to make the training effective. Let’s see the different training methods that can be adopted.
  • Web-based training is perhaps the most feasible and easiest method these days if you want to have training at a regular frequency. It could be in the form of eLearning modules, short videos, webinars etc.
  • Classroom training and workshops are another method, which can be conducted once a year as an organizational exercise. This should be reinforced through other forms, as once-a-year classroom training on its own would just not be effective.
  • It is a good practice to have online resources on security policies and best practices for easy reference, when an employee has a doubt. Key topics pertaining to passwords, security measures can be made available for easy access – either in the form of PDF documents, short eLearning modules, stories or videos.
  • It is always better to have information in multiple formats, so that it caters to employees who have varied preferences.
  • Useful hints can be pushed on to the employees’ screens in the form of pop-up reminders when they log in to the network or LMS. Tips and reminders such as “Never write your password anywhere such as post-it notes” or “Did you run virus-scan lately?” always help employees remain vigilant.
  • Here are some tips that you can keep in mind when you are planning an IT security training program.
  • Employees need to understand and identify the practices that might constitute data threat.
  • Make the content simple and easy to understand for employees at all levels.
  • It is always effective to use anecdotes, stories and real-life case studies to impress upon employees the impact of any careless action.
  • Get someone from senior management to address the issue with employees. It accentuates the seriousness of the situation both to the management as well as employees.
  • Reaffirm the fact that Information Security is a collective responsibility of each one in the organization
  • Lack of information and employee awareness is a major threat to Information Security. A well-thought-out training program is the key to ensuring that your organization’s data is protected and secured at all times.

    1. Tips to Manage Information Security with Training
    2. DID YOU KNOW?
    3. 93% of organizations in UK faced a security breach in 2012. Estimated losses: £450K to £850K. Source: Information Security Breaches Survey (2013)
    4. 85% of organizations in US were victims of security breaches in 2012. Estimated losses: $1.4 to $46 million. Source: Ponemon Institute Research Report
    5. How Does Security Breach Happen?
    6. How Does Security Breach Happen?
       • Viruses, malwares, trojans etc
       • Intentional or unintentional breaches by employees
       • Loss of mobile devices containing data
       • SQL injection
       • Phishing
       • Cyber terrorism or espionage
       • Social engineering
    7. Billions are spent towards internet security technology by organizations… Human element is generally overlooked.
    8. 75% of security breaches are “inside jobs”
    9. 39% of data breach is due to employee negligence (Source: Ponemon Institute Research Report)
    10. What can organizations do to avert this adversity?
    11. Information Security Training Program
    12. Reduces Information Security Loss by 75%
    13. Safeguards employee interests as well as organizational interests
    14. Ensures regular positive reinforcement of the need for IT Security
    15. Elicits commitment towards information security from the employees
    16. Key topics to be covered during training
    17–23. Key topics to be covered during training (built up one item per slide)
       • Physical security
       • Desktop security
       • Password security
       • Wireless networks security
       • Phishing
       • File sharing and copyright
       • Steps to be taken in case of a threat
    24. Modes of Training
    25–29. Modes of Training (built up one item per slide; slide 28 image source: nie.edu.sg)
       • Web-based training
       • Classroom training & workshops
       • Online resources on security policies
       • Articles/posters/booklets/flyers
       • Pop-up reminders on network/LMS
    30. Tips for IT Security training program
    31. Tip 1: Identification of threats
    32. Tip 2: Ease of comprehension
    33. Tip 3: Anecdotes, Real-Instances and Case studies
    34. Tip 4: Management buy-in
    35. Tip 5: Collective responsibility
    36. Conclusion
    37. Conclusion
       • Lack of information and employee awareness is a major threat to Information Security.
       • Well-thought out training program is the key to ensure that your organization’s data is protected and secured at all times.
    38. To read articles on similar topics, please visit blog.commlabindia.com