Valuendo 25 Things Not To Do (March 2009) Handout


Voting presentation on 25 security statements.

Published in: Business, Technology

Transcript of "Valuendo 25 Things Not To Do (March 2009) Handout"

  1. 25 tips & tricks
     25 Examples of what you should not do
     March 2009
     Mr. Marc Vael, Managing Director, Valuendo
     © 2009 Valuendo. All rights reserved. INFORMATION CLASSIFICATION = PUBLIC
     Marc Vael, InfoSecurity 2009, Valuendo, March 2009

     Agenda
     • Introduction
     • Concept
     • 25 Statements
     • Conclusion

  2. Introduction
     • Marc Vael
     • Managing Director Valuendo (“value & do”) since July 2001
     • Education
       – Master Applied Economics (UAntwerp)
       – Master Information Management (UHasselt)
       – Master+ Applied Economics & ICT (KUL)
     • Core Services
       – Enterprise Risk Management
       – IT Governance
       – Information Security Management
       – Data Privacy & Protection
       – Business Continuity / Disaster Recovery
       – Crisis Management
       – IT Audit & Compliance
     • Certifications in good standing
       – CISA / CISM / CISSP / ITIL Service Manager

     Concept
     • First: Statement
     • Second: Voting on your current experience

  3. Test: The economic crisis has no impact on the way we handle security
     • Fully Agree
     • Do not agree
     • Don’t know really

     Lesson 1: Security > Business needs
     • Yes
     • Not always
     • No

  4. Lesson 2: It is the CISO who is driving security in our organisation
     • Of course.
     • No, the real driver is someone else
     • I’m not sure

     Lesson 3: Security budget is easy to calculate and to defend/present
     • Absolutely
     • Difficult to calculate, but easy to defend / present
     • Not really

  5. Lesson 4: The security vision is understood by everyone
     • Yes and we even have checked this
     • We hope so
     • No

     Lesson 5: Everybody understands security terminology used
     • Yes we know and we even have a glossary
     • We hope so
     • No

  6. Lesson 6: Security and risk management are two different professions
     • Yes
     • No
     • Don’t know really

     Lesson 7: People recognize security incidents
     • Yes and we even have tested this
     • We hope so
     • No

  7. Lesson 8: People know how to classify and secure their information
     • Yes and we even have tested this
     • We hope so
     • No

     Lesson 9: Security audits are essential to determine what’s wrong
     • Yes
     • We hope so
     • No

  8. Lesson 10: Security awareness posters are the most effective tool
     • Yes and we even have checked this
     • We hope so
     • No

     Lesson 11: People remember all passwords & pin-codes
     • Yes and we even have checked this
     • We hope so
     • No

  9. Lesson 12: People always select a strong password
     • Yes and we even enforce this
     • We hope so
     • No

     Lesson 13: People lock their PC information via screen saver
     • Yes and we even have checked this
     • We hope so
     • No

  10. Lesson 14: People respect clean desk policy
     • Yes and we even have checked this
     • We hope so
     • No

     Lesson 15: People always use the security tools we give them
     • Yes and we even have checked this
     • We hope so
     • No

  11. Lesson 16: IT people give the good example of respecting security rules
     • Yes and we even have checked this
     • We hope so
     • No

     Lesson 17: People only use official authorized software
     • Yes and we even have tested this
     • We hope so
     • No

  12. Lesson 18: Only naughty people get naughty spam mails
     • Yes
     • No
     • Don’t know really

     Lesson 19: Only dumb people fall for phishing scams / mails
     • Yes
     • No
     • Don’t know really

  13. Lesson 20: People mention their backups in their OOO when unavailable
     • Yes
     • No
     • Don’t know really

     Lesson 21: People suggest alternative communication channels when unavailable
     • Yes
     • No
     • Don’t know really

  14. Lesson 22: People know & respect security rules when at other companies
     • Yes
     • No
     • Don’t know really

     Lesson 23: People need full internet access for professional reasons
     • Yes
     • No
     • Don’t know really

  15. Lesson 24: People know how to secure their wired & wireless network access
     • Yes
     • No
     • Don’t know really

     Lesson 25: Security is still better on paper than on digital format
     • Yes
     • No
     • Don’t know really

  16. Conclusion

     Contact information
     Mr. Marc Vael, CISA, CISM, CISSP, ITIL
     Managing Director Valuendo
     Kriebrugstraat 33, 1760 Roosdaal, Belgium
     T: +32 5 433 61 93
     M: +32 473 99 30 31
     M: mvael@valuendo.com
     W: www.valuendo.com
