Isa Prog Need L
Transcript

  • 1. Why an Information Security Awareness Program is needed in an Information Communications Technology Environment
  • 2. Information Security Vision
    • Information Security enables the protection of the privacy, operations, intellectual property and reputation of the business. Information Security provides an effective set of policies, processes and controls, within a governance structure that defines clear responsibilities, authority and accountability, and demonstrates the ability to measure and proactively manage Information Security risks, threats, compliance and effectiveness across the organization.
  • 3. AGENDA
    • Why it is needed
    • Laws – Regulations – Guidelines
    • Implementation
    • Business Plan
    • Risk Management
    • Audit Considerations
    • Summary
  • 4. The Need for a Program
    • Designed to protect information
      • Policies and procedures
      • Informing users of their responsibilities
      • Monitor and review program
    • It’s a people problem
      • Awareness
      • Training
      • Education
    Source: Symantec
  • 5. The Security Gap
    • Security technology is essential
    • Technology is not enough
    • Tighter security controls make the user the target
    • Technology cannot stop social engineering
    • Insider threat
  • 6. Laws – Regulations – Guidelines
    • Computer Security Act of 1987
    • OMB A-130
    • FISMA
    • HIPAA
    • PCI/DSS
    • SOX
    • GLB
    • ISO/IEC 27xxx
    • ID Theft Red Flags
    Diagram (source: Porter), layers from foundation to top: Laws & Regulations – Security Standards & Best Practices – Organization’s Security Policies and Programs – Certification Process – Accreditation Process – Post Accreditation Activities
  • 7. Security Awareness Program
    • Communicate security requirements
    • Communicate roles and responsibilities so that users understand proper security procedures
    • Create baseline for monitoring and sanctions
    • Influencing behavior and decision making
  • 8. Security Awareness Program Objective
    • The objective of the Information Security Training, Awareness, and Education program is to change the actual behavior of people by raising awareness and providing appropriate training so that each employee can protect confidential electronic information and:
      • better understand the risks when using and storing electronic information;
      • better understand how to reduce the risks to the confidentiality, integrity, and availability of confidential electronic information;
      • better understand their roles and responsibilities for the protection of information and systems.
  • 9. ROI from Security Awareness
    • Cost avoidance
    • Support of mission objectives
    • Protection of image
    • Prevention of downtime
    • Increased security of information from damage and destruction
  • 10. Risk Management
    • Framework for risk management process
    • Assess risks
    • Senior management responsibilities
      • HIPAA - SOX – GLB – FISMA – PCI/DSS
    • FIPS – publication 102
    • Evaluate information usage requirements
    Role – Responsibility (source: G.A.I.S.P.)
      • Business Owner – Determines value of business assets
      • Information Security Group – Determines probability of impact on business assets
      • Information Technology: Engineering – Designs technical solutions and estimates engineering costs
      • Information Technology: Operations – Designs operational components of solution and estimates operating costs
  • 11. Information Security Drivers
    • IT constantly changing
    • Greater connectivity
    • Increasing sophistication of hacking tools
    • Expanding risk
    • The weakest link in the security chain
    • Insider threat
  • 12. Conclusion
    • Businesses must protect the confidentiality, integrity, and availability of information in today’s highly networked systems environment. An effective IT security awareness, training and education program, as part of the overall IT security program, gives users the tools and information they need to protect a business’s vital information resources.