Information security awareness (sept 2012) bis handout
A presentation I delivered for CONFENIS 2012 in Ghent.

Published in: Technology, Education

1. Information Security (un)awareness. Marc Vael, International Vice-President
2. “My management just does not “get” information security!” Anonymous CISO of a large financial institution
3. “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.” Anonymous manager working in an insurance company
4. “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.” Anonymous CISO of a multinational service organisation
5. “Sure, I support information security, but my people need to work and make money.” Anonymous CEO of a retailer
6. “Our information security department keeps getting more tools, but I do not think we are any more secure.” Anonymous CRO of a large financial institution
7. “Security policy is one thing. Reality is another.” Anonymous COO from a consulting company
8. “All that information security people do is say “No!”. They should learn how we really work.” Angry manager of a governmental agency
9. Cyberwarfare is "the fifth domain of warfare"
10. Impact of an attack on the business
11. “People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.” Kevin Mitnick, ex-hacker, IT security consultant
12. Business Model for Information Security
13. Managing risks appropriately
14. Risk always exists! (whether or not it is detected / recognised by the organisation)
15. EDUCATION!
16. Corporate governance: ERM = COSO. Support from Board of Directors & Executive Management
17. Policies & Standards
18. Project Management
19. Providing proper funding
20. Providing proper resources
21. Measuring performance
22. Review / Audit
23. Your security solution is as strong … as its weakest link
24. www.isaca.org/knowledgecenter
25. www.isaca.org/cobit
26. For more information… Marc Vael, International Vice-President, Chairman of the Knowledge Board, ISACA. http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael @marcvael
