Security Champions Programme

•Download as PPTX, PDF•

0 likes•401 views

P

PetraVukmirovic

Pioneering Security Champions Programme at Glaswall

Security Champions Programme
Information Security as part of Workflow
InfoSec Team Glasswall

Who is a Security Champion?
⁄ A person! Nominated by their squad/team leader
⁄ An Information Security “go to” person in their team
⁄ Information Security Promoter
⁄ A Security Champion will:
• Have an overview of their squad’s assets
• Monitor all squad assets regularly (automated/manual Nmap, port and vulnerability scans, Data Dog,
Elastic or any other tool of choice, code, apps, threat models...)
• Responsible of reporting any security risks or vulnerabilities within their squad/team work scope
• Be aware of and help with enforcing Glasswall Security Guidelines to the team
• Report and escalate any breach of the Security Guidelines within their team/squad
• Promote Information Security awareness and tips with the squad via Slack channels
• Be involved in Incident Response within their team/squad

Why do we need Security Champions?
⁄ To ensure information security is part of every team workflow in Glasswall
⁄ As part of an information security assurance there will be a Security Champion within every
team in Glasswall
⁄ Ensuring our assets and our customers are safe goes beyond the Information Security Team
⁄ Risk awareness and mitigation processes within every team helps establish Resiliance

How it will be introduced in GW?
Security Champion
Policy
Security Champion
Nomination
Security Champion
Training

Risk Strategy
Asset Protection
Information Security Resilience
Threat Modelling
Discovering and Mitigating Vulnerabilities
Risk Assessment
Information Security Policies
Information Security Team
Employees – InfoSec as workflow
Risk Framework

Security Champion Training
⁄ Security Champions will receive InfoSec training led by the InfoSec team
in form of onboarding procedures, tutorials, webinars and e-learning
⁄ If any questions or uncertainties the InfoSec team will always be
available to assist and provide training and feedback
⁄ Learning by participating in the InfoSec meetings
⁄ Proactive self e-learning about information security

Thank You for your attention
Any questions?
Petra Vukmirovic
InfoSec Team Glasswall

More Related Content

Similar to Security Champions Programme

Fissea09 mgupta-day3-panel process-program-build-effective-training

Fissea09 mgupta-day3-panel process-program-build-effective-training

Fissea09 mgupta-day3-panel process-program-build-effective-training

Accuvant Intro

THE NAKOTA PRODUCTS_AND_SERVICES_2014

THE NAKOTA PRODUCTS_AND_SERVICES_2014

THE NAKOTA PRODUCTS_AND_SERVICES_2014

Eugenia Bulanova

Certified SOC Analyst

Certified SOC Analyst

Certified SOC Analyst

A Two (2) Day Security powerpoint

A Two (2) Day Security powerpoint

A Two (2) Day Security powerpoint

Wasn't expecting that! Now what?

Wasn't expecting that! Now what?

Wasn't expecting that! Now what?

Phases of Incident Response

Phases of Incident Response

Phases of Incident Response

AFour Technologies, a leading cyber security services company, stands as a beacon of expertise and innovation for those seeking advanced security testing solutions at competitive rates. Our tailored, comprehensive cybersecurity services are your shield against unprecedented breaches and losses. Contact us at contact@afourtech.com to embark on a journey towards fortified business resilience through state-of-the-art security testing.

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Seccuris-Overview-OneSheet-051415

Seccuris-Overview-OneSheet-051415

Seccuris-Overview-OneSheet-051415

Control System Cyber Security - A Different Approach

Control System Cyber Security - A Different Approach

Control System Cyber Security - A Different Approach

Why implement a robust cyber security policy?

Why implement a robust cyber security policy?

Why implement a robust cyber security policy?

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Connection can help keep your business secure!

Connection can help keep your business secure!

Connection can help keep your business secure!

Heather Salmons Newswanger

How to Choose the Right Security Training for You

How to Choose the Right Security Training for You

How to Choose the Right Security Training for You

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Cybersecurity education catalog sae september 2021

Cybersecurity education catalog sae september 2021

Cybersecurity education catalog sae september 2021

TrustwaveHoldings

Length: 2 Days Information security is to safeguard and ensure the fundamental information utilizing the most recent innovation and protection methodologies. Understanding risks, ensuring the framework security against risk and dealing with the risk if there should be an occurrence of dangers is one of the most significant themes in digital security. Learn about dangers and vulnerabilities in information system, for example, ecological debacles, fear based oppressor assaults, digital vulnerabilities, cybercrimes, cryptographic assaults, code infusion assaults, or refusal of administration assaults. Find out about the information, information sharing techniques, significance of information, and recurrence of security episodes on significant information and how to configuration shields for essential information. Training Objectives: Gain proficiency with the primary idea of information security Understand the dangers and vulnerabilities in information security organize Perceive the imperative information and have the option to save the security of the information Understand the idea of risk, displaying procedures and examination draws near Have the option to understand the idea of risk management, arrangement of the risks and recuperation plans Clarify the principle parts of risk management in digital security Understand the risk evaluation methods and their application to information security Depict the risk management apparatuses and methods in digital security Training Outline: The information security and risk management training course comprises of the following lessons, which can be revised and tailored to the client’s need: Introduction to Information Security Threats and Vulnerabilities Data Risk Modeling Introduction to Risk Management Components of Risk Management Risk Assessment Techniques Risk Management Techniques Risk Management Tools Hands-on and In-Class Activities Request more information regarding information security and risk management training. Visit tonex.com for course and workshop detail. Information security and risk management training https://www.tonex.com/training-courses/information-security-and-risk-management-training/

Most Effective Information Security and Risk Management Training

Most Effective Information Security and Risk Management Training

Most Effective Information Security and Risk Management Training

A journey into Application Security

A journey into Application Security

A journey into Application Security

Christian Martorella

Comprehensive plans are in place to improve our institutional cyber security

Comprehensive plans are in place to improve our institutional cyber security

Comprehensive plans are in place to improve our institutional cyber security

JasonTrinhNguyenTruo

Similar to Security Champions Programme (20)

Fissea09 mgupta-day3-panel process-program-build-effective-training

Fissea09 mgupta-day3-panel process-program-build-effective-training

Fissea09 mgupta-day3-panel process-program-build-effective-training

Accuvant Intro

THE NAKOTA PRODUCTS_AND_SERVICES_2014

THE NAKOTA PRODUCTS_AND_SERVICES_2014

THE NAKOTA PRODUCTS_AND_SERVICES_2014

Certified SOC Analyst

Certified SOC Analyst

Certified SOC Analyst

A Two (2) Day Security powerpoint

A Two (2) Day Security powerpoint

A Two (2) Day Security powerpoint

Wasn't expecting that! Now what?

Wasn't expecting that! Now what?

Wasn't expecting that! Now what?

Phases of Incident Response

Phases of Incident Response

Phases of Incident Response

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Understanding the Importance of Security Testing in Safeguarding Your Digital...

Seccuris-Overview-OneSheet-051415

Seccuris-Overview-OneSheet-051415

Seccuris-Overview-OneSheet-051415

Control System Cyber Security - A Different Approach

Control System Cyber Security - A Different Approach

Control System Cyber Security - A Different Approach

Why implement a robust cyber security policy?

Why implement a robust cyber security policy?

Why implement a robust cyber security policy?

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Connection can help keep your business secure!

Connection can help keep your business secure!

Connection can help keep your business secure!

How to Choose the Right Security Training for You

How to Choose the Right Security Training for You

How to Choose the Right Security Training for You

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Clearswift vacancies July 2014

Cybersecurity education catalog sae september 2021

Cybersecurity education catalog sae september 2021

Cybersecurity education catalog sae september 2021

Most Effective Information Security and Risk Management Training

Most Effective Information Security and Risk Management Training

Most Effective Information Security and Risk Management Training

A journey into Application Security

A journey into Application Security

A journey into Application Security

Comprehensive plans are in place to improve our institutional cyber security

Comprehensive plans are in place to improve our institutional cyber security

Comprehensive plans are in place to improve our institutional cyber security

Recently uploaded

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

Key topics covered: - Understanding the basics of IAM and its significance in the modern enterprise. IAM in a platformless environment - Tackling real-world issues like prioritizing frictionless yet secure user access, securing high-value APIs, integrating to business, compliance, and adapting to cloud native environments with scalable solutions - Practical demonstrations of how WSO2 products can be instrumental in deploying efficient IAM solutions - Preparing for upcoming trends and innovations in identity management

Navigating Identity and Access Management in the Modern Enterprise

Navigating Identity and Access Management in the Modern Enterprise

Navigating Identity and Access Management in the Modern Enterprise

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

In the ever-evolving landscape of data management, Zero-ETL is an approach that is reshaping how businesses handle and integrate their data. This webinar explores Zero-ETL, a paradigm shift from the traditional Extract, Transform, Load (ETL) process, offering a more streamlined, efficient, and real-time data integration method. We will begin with an introduction to the concept of Zero-ETL, including how it allows direct access to data in its native environment and real-time data transformation, providing up-to-date information with significantly reduced data redundancy. Next, we'll take you through several demonstrations showing how Zero-ETL can deliver real-time data and enable the free movement of data between systems. We will also discuss the various tools that support all aspects of Zero-ETL, providing attendees with an understanding of how they can adopt this innovative approach in their organizations. Lastly, the session will conclude with an interactive Q&A segment, allowing participants to gain deeper insights into how Zero-ETL can be tailored to their specific business needs and how they can get started today. Join us to discover how Zero-ETL can elevate your organization's data strategy.

The Zero-ETL Approach: Enhancing Data Agility and Insight

The Zero-ETL Approach: Enhancing Data Agility and Insight

The Zero-ETL Approach: Enhancing Data Agility and Insight

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

rightmanforbloodline

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Key topics covered: - Real-world examples of Choreo's comprehensive coverage from application design and deployment, security, scaling, and monitoring - Running different types of workloads, such as web applications, APIs, microservices, integrations, and tasks at scale, and wire them together to deliver seamless omnichannel digital experiences - How Choreo improves the developer experience by eliminating repetition, silos, and redundancy through enhanced discoverability and self-serviceability

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Recently uploaded (20)

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

Navigating Identity and Access Management in the Modern Enterprise

Navigating Identity and Access Management in the Modern Enterprise

Navigating Identity and Access Management in the Modern Enterprise

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

The Zero-ETL Approach: Enhancing Data Agility and Insight

The Zero-ETL Approach: Enhancing Data Agility and Insight

The Zero-ETL Approach: Enhancing Data Agility and Insight

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Security Champions Programme

1. Security Champions Programme Information Security as part of Workflow InfoSec Team Glasswall

2. Who is a Security Champion? ⁄ A person! Nominated by their squad/team leader ⁄ An Information Security “go to” person in their team ⁄ Information Security Promoter ⁄ A Security Champion will: • Have an overview of their squad’s assets • Monitor all squad assets regularly (automated/manual Nmap, port and vulnerability scans, Data Dog, Elastic or any other tool of choice, code, apps, threat models...) • Responsible of reporting any security risks or vulnerabilities within their squad/team work scope • Be aware of and help with enforcing Glasswall Security Guidelines to the team • Report and escalate any breach of the Security Guidelines within their team/squad • Promote Information Security awareness and tips with the squad via Slack channels • Be involved in Incident Response within their team/squad

3. Why do we need Security Champions? ⁄ To ensure information security is part of every team workflow in Glasswall ⁄ As part of an information security assurance there will be a Security Champion within every team in Glasswall ⁄ Ensuring our assets and our customers are safe goes beyond the Information Security Team ⁄ Risk awareness and mitigation processes within every team helps establish Resiliance

4. How it will be introduced in GW? Security Champion Policy Security Champion Nomination Security Champion Training

5. Risk Strategy Asset Protection Information Security Resilience Threat Modelling Discovering and Mitigating Vulnerabilities Risk Assessment Information Security Policies Information Security Team Employees – InfoSec as workflow Risk Framework

6. Security Champion Training ⁄ Security Champions will receive InfoSec training led by the InfoSec team in form of onboarding procedures, tutorials, webinars and e-learning ⁄ If any questions or uncertainties the InfoSec team will always be available to assist and provide training and feedback ⁄ Learning by participating in the InfoSec meetings ⁄ Proactive self e-learning about information security

7. Thank You for your attention Any questions? Petra Vukmirovic InfoSec Team Glasswall