
Information security awareness (sept 2012) bis handout


A presentation I delivered for CONFENIS 2012 in Ghent.


  1. Information Security (un)awareness. Marc Vael, International Vice-President
  2. “My management just does not “get” information security!” Anonymous CISO of a large financial institution
  3. “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.” Anonymous manager working in an insurance company
  4. “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.” Anonymous CISO of a multinational service organisation
  5. “Sure, I support information security, but my people need to work and make money.” Anonymous CEO of a retailer
  6. “Our information security department keeps getting more tools, but I do not think we are any more secure.” Anonymous CRO of a large financial institution
  7. “Security policy is one thing. Reality is another.” Anonymous COO from a consulting company
  8. “All that information security people do is say “No!”. They should learn how we really work.” Angry manager of a governmental agency
  9. Cyberwarfare is “the fifth domain of warfare”
  10. Impact of an attack on the business
  11. “People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.” Kevin Mitnick, ex hacker, IT security consultant
  12. Business Model for Information Security
  13. Managing risks appropriately
  14. Risk always exists! (whether or not it is detected / recognised by the organisation)
  15. EDUCATION!
  16. Corporate governance: ERM = COSO. Support from Board of Directors & Executive Management
  17. Policies & Standards
  18. Project Management
  19. Providing proper funding
  20. Providing proper resources
  21. Measuring performance
  22. Review / Audit
  23. Your security solution is as strong … as its weakest link
  24. www.isaca.org/knowledgecenter
  25. www.isaca.org/cobit
  26. For more information… Marc Vael, International Vice-President, Chairman of the Knowledge Board, ISACA. http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael @marcvael
