Achieving Effective Employee Information Security Awareness Through Web 2.0 Technologies

JEEVAN JOSHI
What do we cover in this session?

• Trends in Information Security
  Employee Awareness
• Using Web 2.0 technology
• Demos
• Conclusion
Key Message

Employees, the stewards of critical organisational data and information assets, represent the most vulnerable link in the chain.

The use of Web 2.0 technologies allows effective engagement with employees, especially the growing numbers of technology-savvy generations.

Web 2.0 tools not only allow low-cost, large-scale deployments but also allow effective communication of key messages on Information Security.
Human Error – Main Reason for Security Breaches
• A study on IT security by the Computing
  Technology Industry Association (CompTIA)
  finds that
   – human error continues to be the main
     reason for security breaches, cited by 42% of the
     IT professionals polled.
   – Industry can learn from its mistakes: two
     years ago, that number was 59%.
Human Error – Main Reason for Security Breaches

– "There has been a definitive shift toward
  greater emphasis on making employees
  aware of the threats around them..."
– Some sectors are better prepared than
  others. Financial services are most likely
  to have a written policy, while fewer than
  half of education institutions do.
– 81% said their policies now cover issues
  specific to remote and mobile employees.
Human Error – Main Reason for Security Breaches
– "data suggesting that human error
  accounts for as much as 80% of
  breaches..."
– "Processes we have to spend money
  on because many regulations require us
  to. Technology we have traditionally
  been spending a lot of money on. Then
  in terms of people, the only spend we
  have is the salaries." "So, there is a lot
  of work to do in education."
Human Error – Main Reason for Security Breaches
• Security training or certification now
  accounts for 12% of the total IT
  budget, compared with 8% in 2005.

• The bottom line, however, is that only
  45% of the IT staff members at the
  companies that responded have
  security-related training.
NIST Employee Awareness Model
Sample Plan for Information Security Training
• RABQSA Certified Lead Auditor in Information Security Management (ISO 27001:2005) Course
• Demystifying Information Security Management
• Internal Auditing for Information Security Management Systems using ISO 27001:2005
• Understanding and Implementing Information Security Management Systems using ISO 27001:2005
SAI Global Information Security Awareness Model
Web 2.0 Technology
• Technology
  – e-Learning
     • Online Courses
     • Blended Learning
     • Virtual Classroom
  – Social Networking
  – Blogs
  – Podcasts
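Employee Awareness Channels
[Figure: awareness channels plotted from low to high. Left axis: Effectiveness (Low to High). Right axis: Employee Engagement & Participation (Low to High). Horizontal axis: Awareness to Behavioural Change. Top label: Employee feedback. Channels, lowest to highest: Info Sec Policies; Brochures & Posters; Classroom Training; e-Learning/Podcasts; Blogs with comments; Social Networking?]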
Use of Web 2.0 Technologies
[Figure. Source: Building the Web 2.0 Enterprise, McKinsey Global Survey]
Use of Web 2.0 Technologies
[Figure. Source: Building the Web 2.0 Enterprise, McKinsey Global Survey]
Regional Satisfaction with Web 2.0 Tools
[Figure. Source: Building the Web 2.0 Enterprise, McKinsey Global Survey]
Asia Pacific includes Australia, New Zealand, Taiwan, Hong Kong, Japan, S Korea and
Singapore
e-Learning Courses
Courtesy – SAI Global
e-Learning Courses
Courtesy – SAI Global
e-Learning Courses
Courtesy – SAI Global
Learning Based Games
e-Learning
• Now a proven, scalable and cost-effective
  method of raising information security
  awareness.
• Allows employees the flexibility to learn on
  their own terms.
• Incorporate graphics and media elements
• Develop refresher courses every 6 months or
  so.
Blogs
• More informal method of explaining
  the drivers behind Information Security
  policies.
• Allow employees to add moderated
  comments.
• Keep the content fresh
• Choose bloggers who have the
  respect of the employees, not just
  figures of authority.
Social Networking
• Relatively new channel for
  raising employee awareness.
  Works the other way, i.e. users
  choose to access information
  created by other users.
• Content framework to be
  specified in a corporate
  environment.
Information Security Employee Portals

• One stop for formal and informal
  Information Security information
  in the organisation.
• Use collaborative features such
  as feedback and contributing
  authors to engage users.
How Companies Adopt Web 2.0 Tools
[Figure. Source: Building the Web 2.0 Enterprise, McKinsey Global Survey]
Key Message

Employees, the stewards of critical organisational data and information assets, represent the most vulnerable link in the chain.

The use of Web 2.0 technologies allows effective engagement with employees, especially the growing numbers of technology-savvy generation X & Y employees.

Web 2.0 tools not only allow low-cost, large-scale deployments but also allow effective communication of key messages about Information Security.
ISACA AsiaPac Conf 2008  Employee Info Sec Awareness via Web 2
