Information security (un)awareness by Marc Vael

Marc Vael - International Vice-President of ISACA

Published in: Technology, Education

  1. Information Security (Un)Awareness. Marc Vael, International Vice-President. “My management just does not “get” information security!” Anonymous CISO of a large financial institution. Marc Vael, CONFENIS ISACA, September 2012.
  2. “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.” Anonymous manager working in an insurance company. “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.” Anonymous CISO of a multinational service organisation.
  3. “Sure, I support information security, but my people need to work and make money.” Anonymous CEO of a retailer. “Our information security department keeps getting more tools, but I do not think we are any more secure.” Anonymous CRO of a large financial institution.
  4. “Security policy is one thing. Reality is another.” Anonymous COO from a consulting company. “All that information security people do is say “No!”. They should learn how we really work.” Angry manager of a governmental agency.
  8. Cyberwarfare is “the fifth domain of warfare”.
  9. Impact of an attack on the business
  10. People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything. Kevin Mitnick, ex hacker, IT security consultant.
  11. Business Model for Information Security
  14. Managing risks appropriately
  15. Risk always exists! (whether or not it is detected / recognised by the organisation).
  16. EDUCATION!
  18. Corporate governance: ERM = COSO. Support from Board of Directors & Executive Management.
  19. Policies & Standards. Project Management.
  20. Providing proper funding. Providing proper resources.
  21. Measuring performance. Review / Audit.
  22. Your security solution is as strong … … as its weakest link
  24. www.isaca.org/knowledgecenter
  25. www.isaca.org/cobit For more information… Marc Vael, International Vice-President, Chairman of the Knowledge Board, ISACA. http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael @marcvael
