PINAR AKKAYA - The Human Dimension
Human Aspect of Information Security. Presentation given on 12 October 2011, E-Crime Event, Istanbul.


  1. The Human dimension: human aspect of information security
  2. Guess you’ll all agree with me that…
  3. Bad information security means bad company security, lost credibility
  4. We must be sure that we protect our data, our commercial secrets, our assets and our business transactions
  5. YOU DO EVERYTHING TO MAKE THIS HAPPEN FOR SURE
  6. but… EMPLOYEES WORK WITH COMPANY DATA, COMPANY SYSTEMS, THEY ARE IN TOUCH WITH CLIENTS, SERVICES AND PRODUCTS. THEY NEED TO UNDERSTAND THE BASIC PRINCIPLES OF INFORMATION SECURITY.
  7. Fact: HUMAN ERROR IS THE CAUSE OF 42% OF ALL SECURITY BREACHES. ISC2 White Paper: Securing the Organizations: Creating A Partnership Between HR and Information Security
  8. Information security is one of the biggest challenges a business faces today. 55% of respondents think that their employees had little or even no awareness of data protection issues or corporate security policy. 50% of companies used over 7 different vendors to keep their network secure. Ref: Checkpoint Technologies & The Ponemon Institute Survey 2011, 2,400 IT security staff across the world
  9. When does “an employee” become a RISK?
  10. Do you know what these are? 123456, Password, iloveu
  11. I mean… The gap between you guys and your average employee is HUGE
  12. Fact: We don’t know as much as you do
  13. Paper, pen, letter; typewriter; computer; internet, e-mail; Web 2.0, social media; virtual communities
  14. People move… Both in real and virtual world… And they create risk! With or without knowing it
  15. A picture… 87,5% of large businesses have a security policy in place. 67% of the companies that give a high priority to security also had a security policy. A big majority of companies take steps to raise awareness among employees. More than 50% allow staff to access their systems remotely. The proportion of businesses restricting internet access dropped by 50%. Now only fewer than 10% gave no access to the internet. Employees are increasingly being targeted by "social engineering" attacks. Businesses are becoming more concerned about what was being said about them on social networking sites. More than 80% of large companies blocked access to inappropriate websites. 86% logged and monitored staff access to the internet. Research by PWC UK, 2010
  16. More exposure, more action, more knowhow sharing, more interaction. The Return is big but the Risk is big too
  17. Your employees can fast become the weakest link in your information security
  18. Changing employee behaviour is the key to improving information security.
  19. The big how
  20. Offer them a clear framework: EMAIL SECURITY, INTERNET SECURITY, DATA SECURITY, ASSETS SECURITY
  21. Do you have policies? Why?
  22. Customize the access according to the skills and needs of the employees, customize the risk. But standardize your policies
  23. The worst way to communicate a policy is publishing it
  24. Educate, educate, educate: have your employees build the “awareness” muscle. Give people good habits
  25. Communicate your best practices
  26. Create an awareness culture: let it be a dialogue
  27. Make it formal: it is serious
  28. Make it simple, make it fun, make it participative
  29. Make it a management issue
  30. Be fully proactive
  31. Tell them: Personal = professional
  32. Prohibiting, limiting, banning is not your key to success. Trust
  33. Answer WIIFM?
  34. HR & IT partnership* Does HR talk about these? I am afraid not… Legal base remains unclear too…
  35. You have to be security and policy mentor. Your employees have to be security and policy literate. Your company has to be security and policy fluent
  36. Get connected. E-mail: pinar.akkaya.pa@gmail.com LinkedIn: http://tr.linkedin.com/in/pinarakkaya Twitter: http://twitter.com/PINARAKKAYA http://twitter.com/lifesocialmedia http://tr.linkedin.com/groups/hrleadersturkey
