2. • To err is human, but to really foul things up
requires a computer.
• Computers are unreliable, but humans are even
more unreliable. Any system which depends on
human reliability is unreliable.
16. Awareness + Accountability =
Information Security Readiness
Problem:
Human factors represent the greatest challenge.
Solution:
A Security Awareness Program
• Enables every employee to become
• Brings Accountability
Awareness Training
is no longer Optional
18. Audience
• Everyone: All Employees, Partners and Contractors
• Separate Messages crafted for general users, management
and technical staff
• Groups of New or Existing Employees - Time Frame
25. Hard Facts
• Physical Security is no longer sufficient
• Overreliance on technology cannot protect you
• Awareness and training are a must.
• A security breach on your system affects YOU!!
Editor's Notes
IT people are remembered all the time when things go wrong
AND
Murphy's law applies to all IT people.
"The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data... There’s a war out there... and it’s not about who’s got the most bullets. It’s about who controls the information."
Where Goths, Vandals and Talibans were earlier required to bring down the infrastructure, today a lean geek can cause similar damage with a few strokes of zeros and ones.
CISOs have spent the past few years perfecting digging moats around the corporate castle. Now, as they lift their heads out of the trenches, they find themselves living in the age of bomber planes and guided missiles.
A single worm can cause chaos and cost a lot of money by bringing in blended threats, reducing the exploit time, and using new technology: targeted attacks, modular threat vectors.
Who? Who? ... Your consultant, or your vendor, or your IT staff ... it is you yourself ... each one of you.
The answer is your employees:
Employees are the ones who use the information assets. They are the ones closest to these assets and the ones most affected by a security incident, hence the onus of protection falls on them first.
They can be the human firewall your organization needs for protection against the numerous threats out in the open.
It’s all about People, Process and Technology – Technology is the smallest part and the easiest to control!!
Neither process nor technology will do any good if the people are not adequately trained. People need to be aware of what the current threats are, and what to do about them. They need to know what protection mechanisms are in place, be they a technical solution or a process.
Tell a man there are 300 billion stars in the universe and he'll believe you. Tell him a bench has wet paint on it and he'll have to touch to be sure.
PEOPLE PROBLEM
All technical people view computer security as a technology problem. They use sophisticated hardware and software solutions to control access and prevent fraud. The reality is that computer security is a people problem.
Human Firewall -- Most vulnerable: they are prone to accidents, can make mistakes/errors, and may sometimes even have malicious intent.
Employees are the greatest threat to information security.
Caused by:
Inexperience
Improper training
Incorrect assumptions
Other circumstances
HOW CAN WE CLOSE GAPS IN THIS HUMAN FIREWALL?
Security awareness must be delivered through an ongoing, continuous program, as opposed to a finite set of activities.
Despite significant investment in technology and infrastructure, human factors represent the greatest challenge in achieving information security readiness.
Campaign
Raising awareness is similar to commercial advertising or social marketing, such as the campaigns to reduce smoking or decrease the use of alcohol.
Behavioral change is what we are aiming at.