
Valuendo 25 Things Not To Do (March 2009) Handout

Voting presentation on 25 security statements.

Published in: Business, Technology

  1. 25 tips & tricks: 25 Examples of what you should not do
     March 2009
     Mr. Marc Vael, Managing Director, Valuendo
     © 2009 Valuendo. All rights reserved. INFORMATION CLASSIFICATION = PUBLIC
     Marc Vael, InfoSecurity 2009, Valuendo, March 2009
     Agenda
       • Introduction
       • Concept
       • 25 Statements
       • Conclusion
  2. Introduction
       • Marc Vael
       • Managing Director Valuendo (“value & do”) since July 2001
       • Education
         – Master Applied Economics (UAntwerp)
         – Master Information Management (UHasselt)
         – Master+ Applied Economics & ICT (KUL)
       • Core Services
         – Enterprise Risk Management
         – IT Governance
         – Information Security Management
         – Data Privacy & Protection
         – Business Continuity / Disaster Recovery
         – Crisis Management
         – IT Audit & Compliance
       • Certifications in good standing
         – CISA / CISM / CISSP / ITIL Service Manager
     Concept
       • First: Statement
       • Second: Voting on your current experience
  3. Test: The economic crisis has no impact on the way we handle security
       • Fully Agree
       • Do not agree
       • Don’t know really
     Lesson 1: Security > Business needs
       • Yes
       • Not always
       • No
  4. Lesson 2: It is the CISO who is driving security in our organisation
       • Of course.
       • No, the real driver is someone else
       • I’m not sure
     Lesson 3: Security budget is easy to calculate and to defend/present
       • Absolutely
       • Difficult to calculate, but easy to defend / present
       • Not really
  5. Lesson 4: The security vision is understood by everyone
       • Yes and we even have checked this
       • We hope so
       • No
     Lesson 5: Everybody understands security terminology used
       • Yes we know and we even have a glossary
       • We hope so
       • No
  6. Lesson 6: Security and risk management are two different professions
       • Yes
       • No
       • Don’t know really
     Lesson 7: People recognize security incidents
       • Yes and we even have tested this
       • We hope so
       • No
  7. Lesson 8: People know how to classify and secure their information
       • Yes and we even have tested this
       • We hope so
       • No
     Lesson 9: Security audits are essential to determine what’s wrong
       • Yes
       • We hope so
       • No
  8. Lesson 10: Security awareness posters are the most effective tool
       • Yes and we even have checked this
       • We hope so
       • No
     Lesson 11: People remember all passwords & pin-codes
       • Yes and we even have checked this
       • We hope so
       • No
  9. Lesson 12: People always select a strong password
       • Yes and we even enforce this
       • We hope so
       • No
     Lesson 13: People lock their PC information via screen saver
       • Yes and we even have checked this
       • We hope so
       • No
  10. Lesson 14: People respect clean desk policy
       • Yes and we even have checked this
       • We hope so
       • No
     Lesson 15: People always use the security tools we give them
       • Yes and we even have checked this
       • We hope so
       • No
  11. Lesson 16: IT people give the good example of respecting security rules
       • Yes and we even have checked this
       • We hope so
       • No
     Lesson 17: People only use official authorized software
       • Yes and we even have tested this
       • We hope so
       • No
  12. Lesson 18: Only naughty people get naughty spam mails
       • Yes
       • No
       • Don’t know really
     Lesson 19: Only dumb people fall for phishing scams / mails
       • Yes
       • No
       • Don’t know really
  13. Lesson 20: People mention their backups in their OOO when unavailable
       • Yes
       • No
       • Don’t know really
     Lesson 21: People suggest alternative communication channels when unavailable
       • Yes
       • No
       • Don’t know really
  14. Lesson 22: People know & respect security rules when at other companies
       • Yes
       • No
       • Don’t know really
     Lesson 23: People need full internet access for professional reasons
       • Yes
       • No
       • Don’t know really
  15. Lesson 24: People know how to secure their wired & wireless network access
       • Yes
       • No
       • Don’t know really
     Lesson 25: Security is still better on paper than on digital format
       • Yes
       • No
       • Don’t know really
  16. Conclusion
     Contact information
       Mr. Marc Vael, CISA, CISM, CISSP, ITIL
       Managing Director, Valuendo
       Kriebrugstraat 33, 1760 Roosdaal, Belgium
       T: +32 5 433 61 93
       M: +32 473 99 30 31
       M: mvael@valuendo.com
       W: www.valuendo.com
