Executive Information Security Training

Short training presentation for executives

Published in: Education, Technology
  • Before you begin: This course explains the new security features in Microsoft Office Word 2007, Microsoft Office Excel® 2007, Microsoft Office PowerPoint® 2007, Microsoft Office Access 2007, Microsoft Office Publisher 2007, Microsoft Office Visio® 2007, and Microsoft Office InfoPath® 2007. Also included are some tips for Microsoft Office Outlook® 2007 and more general information about computer security. [Note to trainer: For detailed help in customizing this template, see the very last slide. Also, look for additional lesson text in the notes pane of some slides.]
  • Slide customization recommendations: N/A.

    Slide objective: To emphasize that instituting security in your company is not discretionary; it is essential for sustaining your company and ensuring the protection of all personnel. Use this slide to help your end-user audiences understand the consequences associated with the vast number of security threats facing your organization.

    Instructor notes: The consequences. While you will be addressing several of the prevalent threats in detail later in the presentation, it is recommended that you discuss the themes of threats that introduce risk to your organization, and that you present those themes in terms of the consequences associated with the threats. Provided below is information accompanying each theme that you may wish to communicate to your end-user audiences:

      • Loss of competitive advantage: Our company is successful due to the competitive advantage it has accumulated over time. Our competitive advantage is achieved through our people, our trade secrets (i.e., confidential information and procedures that we have developed to enable us to conduct business), and our intellectual property (i.e., confidential information that represents how we conduct business). There are many threats to the well-being of our competitive advantage. Should confidential information pertaining to our personnel, trade secrets, or intellectual property be compromised, it could have a severe impact on our competitive advantage. Therefore, our critical information and our personnel must be protected.

      • Identity theft: Identity theft involves the theft of information that may be used to identify an individual. Examples of such information, termed "personally identifiable information" (PII), include Social Security numbers, birth dates, ethnicity, etc. As a further example, most of the information you would use to open a new credit card account is PII. Once this PII is stolen, criminals may use it to purchase goods and services in your name using your existing credit card accounts, or may create new credit card accounts in your name.

      • Equipment theft: Unauthorized, non-<company> employees may enter our facilities. The risk associated with this unauthorized access is that these criminals may steal equipment, such as laptop computers and servers.

      • Service interruption: If our network environment, our Web site, and our Web-based applications are not sufficiently protected, we will be susceptible to malicious attacks from criminals. Many of these attacks are designed to interrupt the operations of our information systems (e.g., our e-mail services and <mention one or two business applications with which all end-user audiences will be familiar>).

      • Embarrassing media coverage: You will see on the following slide several examples of media coverage that has compromised notable organizations' reputations. It is likely that if <company> experiences a security incident that impacts our customers or business partners, such a security incident will become widely known and exploited in the media. This would severely impact <company>'s credibility, and many other aspects of our business that we have spent substantial time, money, and effort to build.

      • Compromised customer confidence; loss of business: Regardless of whether a security incident becomes widely known, <company>'s customers and business partners will likely be impacted. Our customers and business partners are becoming more sophisticated in their needs, and if they even suspect <company> is experiencing security issues, their confidence will be compromised. This compromised confidence will likely result in loss of business.

      • Legal penalties: Should <company> be found to be non-compliant with applicable regulations, legal fines and penalties could amount to millions of dollars. It is therefore important to ensure <company> is compliant with each of the regulations we previously discussed.
  • Executive Information Security Training

    1. Awareness Training for Executives Information Security
    2. Introduction (module 4)
        • Welcome
    3. Trainer
        • Angela Samuels
    4. Real World Stats
        • IT professionals in countries other than the U.S. were slightly more cautious in their own vulnerability assessments.
        • 13% in Europe, 16% in China, and 24% in India say their organizations are more vulnerable to security dangers than a year ago.
    5. Objectives
        • How to assess the current level of security within the corporation.
        • What to expect of the future of Information Security.
    6. Security Assessment
        • Three areas in the company to focus on:
            • People
            • Processes
            • Technology
    7. Security Assessment
        • Create a security evaluation framework by:
            • Internal information security department, or
            • Third-party vendor
    8. Security Assessment
        • Internal department assessment can use "The Executive Guide to Information Security" as a guide.
    9. Security Assessment
        • Third-party vendors
            • Brought in as support and guide.
            • Require that they use industry standards rather than their own.
            • The company can do its own follow-up assessment in the future.
    10. Security Assessment
        • Timeframe is usually 90 days for a full assessment, depending on the size of the company.
        • After assessment, improvements can be planned and enacted.
    11. The Future of Information Security
        • More and more threats
        • More complex web applications = more complex threats
    12. The Future of Information Security
        • The threats have global impact.
        • The threats will spread faster.
        • Hackers' intentions will be motivated by organized crime organizations.
    13. Review of Objectives
        • How to assess the current level of security within the corporation.
        • What to expect of the future of Information Security.
    14. Real World Scenario
        • A hospital's Web site was compromised because a Web developer made a programming error. Sensitive patient records were taken. When the criminals proved they had the data, the hospital had to choose between paying extortion or allowing their patients' health records to be spread all over the Internet. What do you do?
    15. Real World Scenario Review Questions
        • Would an assessment have prevented a situation like this?
        • Is your company prepared to handle a situation like this?
    16. Tips to Take Back to the Office
        • Work on an assessment right away if you have not done so already.
        • Always be on the lookout for the latest and greatest hacker schemes.
    17. Materials
        • Executive security awareness brochure
        • Website for executive security-related articles
    18. Questions
