Information security awareness (sept 2012) bis handout

A presentation I delivered for CONFENIS 2012 in Ghent.

  1. Information Security (un)awareness. Marc Vael, International Vice-President
  2. “My management just does not “get” information security!” Anonymous CISO of a large financial institution
  3. “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.” Anonymous manager working in an insurance company
  4. “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.” Anonymous CISO of a multinational service organisation
  5. “Sure, I support information security, but my people need to work and make money.” Anonymous CEO of a retailer
  6. “Our information security department keeps getting more tools, but I do not think we are any more secure.” Anonymous CRO of a large financial institution
  7. “Security policy is one thing. Reality is another.” Anonymous COO from a consulting company
  8. “All that information security people do is say “No!”. They should learn how we really work.” Angry manager of a governmental agency
  9. Cyberwarfare is “the fifth domain of warfare”
  10. Impact of an attack on the business
  11. “People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.” Kevin Mitnick, ex-hacker, IT security consultant.
  12. Business Model for Information Security
  13. Managing risks appropriately
  14. Risk always exists! (whether or not it is detected / recognised by the organisation).
  15. EDUCATION!
  16. Corporate governance: ERM = COSO. Support from Board of Directors & Executive Management
  17. Policies & Standards
  18. Project Management
  19. Providing proper funding
  20. Providing proper resources
  21. Measuring performance
  22. Review / Audit
  23. Your security solution is as strong … … as its weakest link
  24. www.isaca.org/knowledgecenter
  25. www.isaca.org/cobit
  26. For more information… Marc Vael, International Vice-President, Chairman of the Knowledge Board, ISACA, http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael @marcvael