Cyber Security Awareness 
Ramiro Cid | @ramirocid 
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Index
1. Introduction to Cyber Security
2. Why is Cyber Security important?
3. What do I have to do to protect myself from cyber attacks?
4. How to create an IT Security Awareness Plan?
5. Sources used and websites to expand knowledge
Introduction to Cyber Security 
Cybersecurity, also known as “IT security” or “computer security”, is information security applied to
computing devices such as servers, computers and mobile devices (smartphones, tablets, etc.),
as well as to computer networks, both private and public, including the whole Internet.
Network outages, data compromised by hackers, social attacks, computer viruses and other security 
incidents could affect our lives in ways that range from inconvenient to life-threatening. As the 
number of mobile users and devices, web applications and data networks increase, so do the 
opportunities for exploitation. 
The field covers all the processes and mechanisms by which digital equipment, information and 
services are protected from unintended or unauthorized access, change or destruction, and is of 
growing importance in line with the increasing reliance on computer systems of most societies 
worldwide. 
Why is Cyber Security important? 
Governments, the military, private corporations, financial institutions, hospitals and other businesses
collect, process and store a great deal of confidential information on computers and transmit that
data across their networks (and also across the networks of external suppliers and customers) to
other computers.
With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect 
sensitive business and personal information, as well as 
safeguard national security and personal data. 
The nation's top intelligence officials have warned that cyber attacks and digital spying are now the
top threat to national security, eclipsing terrorism.
What do I have to do to protect myself from cyber attacks?
• Common sense (the least common of the senses) is something we have to use, in addition to IT
security best practices of course, but people do not always use it properly.
• Different countermeasures exist depending on the asset to protect and on the vulnerabilities
that could affect it. Which one to use depends on the case.
• In a corporate environment it is good practice to split responsibilities between IT management
and IT security management. This is not always possible in small companies or areas.
• Companies that want proper IT security awareness need to develop a plan for rolling out
training on it.
• People are often the weak link in the IT security chain. The best technical security efforts will fail if
the company has a weak security culture.
How to create an IT Security Awareness Plan?
There are different ways to do this; here I will explain one of them:
1. C-Level support 
Awareness programs that obtain C-level support are more successful. Top Management has to give 
the support to this process. This support inevitably leads to more freedom, larger budgets and 
support from other departments. 
2. Partnering with key departments 
Successful awareness programs found a way to involve other departments, such as legal, 
compliance, human resources, marketing, privacy and physical security.
3. Creativity 
Creativity is a must. While a large budget helps, companies with a small security awareness budget 
have still been able to establish successful programs. Creativity and enthusiasm can make up for a 
small budget. 
4. Metrics 
One of the key factors in having a successful effort is being 
able to prove that your effort is successful. The only way to 
do this is to collect metrics prior to initiating new awareness efforts.
5. Department of how 
Awareness efforts that focus on how to accomplish actions are more successful than those that 
focus on telling people that they should not be doing things. 
6. 90-day plans 
Most security awareness programs follow a one-year plan. Those plans also attempt to cover one 
topic a month. This is ineffective, as it does not reinforce knowledge, and does not allow for 
feedback or to account for ongoing events.
7. Multimodal awareness materials 
The most successful programs are not only creative; they rely on many forms of awareness 
materials. While there is a potential place for learning management system training modules, too 
many programs rely on them completely as an awareness program. 
Sources used and websites to expand knowledge
• “What is Cyber Security?” – UMUC | URL: http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm
• “IT Security Review: Privacy, Protection, Access Control, Assurance and System Security” | URL: http://www.sersc.org/journals/IJMUE/vol2_no2_2007/2.pdf
• Wikipedia | URL: http://en.wikipedia.org/wiki/Computer_security
• “The 7 elements of a successful security awareness program” | URL: http://www.csoonline.com/article/2133408/network-security/the-7-elements-of-a-successful-security-awareness-program.html
• “Why you shouldn't train employees for security awareness?” | URL: http://www.csoonline.com/article/2131941/security-awareness/why-you-shouldn-t-train-employees-for-security-awareness.html
• “Ten commandments for effective security training” | URL: http://www.csoonline.com/article/2131688/security-awareness/ten-commandments-for-effective-security-training.html
Questions?
Many thanks!
Ramiro Cid 
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL 
ramiro@ramirocid.com 
@ramirocid 
http://www.linkedin.com/in/ramirocid 
http://ramirocid.com http://es.slideshare.net/ramirocid 
http://www.youtube.com/user/cidramiro
