This document provides an overview of information security awareness training based on ISO/IEC 27001:2013. It discusses what information is, the key aspects of information security including confidentiality, integrity and availability. It then outlines various practices for maintaining confidentiality, integrity and availability such as access controls, backups and policies. The document also discusses the benefits of information security, key drivers, why security breaches occur, and important security topics for end users including policies, asset classification, physical security, passwords and more.
2. What is Information?
An asset that has value to the organization and that can exist in many forms (written, spoken, sent, stored, printed, transmitted, …)
4. How do we practice “Confidentiality”?
• System passwords: welcome123 vs W31(ome!@#
• Clear desk, clear screen policy
5. How do we practice “Integrity”?
• File permissions (Read, Execute, Write)
• Document version and access restrictions
6. How do we practice “Availability”?
• Restoration
• Backup
7. Information Security - Benefits
• Protects information from a wide range of threats
• Ensures business continuity
• Minimizes business damage
• Maximizes business opportunities
• Gains customer confidence
9. Information Security is TEAM WORK
□ It isn't just the sole responsibility of the security officer or the IT department.
□ All the departments must be committed to protecting business information.
10. Why Security Breaches Occur?
• Lack of awareness on Policies & Procedures.
• Compromising security for convenience.
• Excessive dependency on technical controls.
11. Key Security Topics for End Users
• A brief snapshot of policies & procedures
12. Know the key people
S No | Member’s Name | Organizational Role | ISSC Role
1 | | |
2 | | |
3 | | |
4 | | |
5 | | |
13. Asset Classification
Restricted
Description: This classification applies to restricted business information, which is intended strictly for use within the organization or a group of individuals at the organization. Its unauthorized disclosure could adversely impact the organization, its employees, and/or its customers.
Example: HR employee records, invoices, internal audit reports, designs, project or customer related information, etc.
Sensitive
Description: This classification applies to all other information, which does not clearly fit into any of the other classifications. While its unauthorized disclosure is against policy, it is not expected to seriously or adversely impact the organization, its employees / customers.
Example: ISMS policies, procedures, ISMS manuals, departments’ SOPs, etc.
Public
Description: This classification applies to information which has been explicitly approved by the organization’s management for release to the employees. By definition, there is no such thing as unauthorized disclosure of this information and it may be freely disseminated without potential harm.
Example: Information available on Internet sites, brochures, pamphlets, newsletters, press releases, advertisements, wallpapers, event results, calendars, etc.
Please label your documents based on this classification.
14. Physical Security
□ Employees, visitors and vendors shall wear staff passes at all times in the company premises.
□ Challenge any unknown person without proper identification such as a visitor pass.
□ Tailgating/piggybacking is strictly prohibited.
□ All physical security breaches should be reported to the physical security personnel.
15. Environmental Security
• Know your fire evacuation procedures
• Know where the emergency exits are
• Learn how to use the fire extinguishers
• Assemble in the safe assembly area outside the premises for further instructions
• Attend fire drill sessions
16. Workstation Security
□ Lock the workstation when not in use.
□ Installation of pirated or unlicensed software is prohibited.
□ Collect all printouts immediately from the printer area.
□ All sensitive documents are to be cleared/shredded if not in use.
□ All information on whiteboards is to be erased after use.
17. Mobile devices security - Laptops
□ While travelling, ensure that the laptop bag is physically secured. Secure it with a cable lock.
□ While using restrooms at airports ensure your laptop is safe.
□ Disable wireless auto-connection.
□ Avoid insecure wireless connections in public places.
□ Do not disable or ignore antivirus / patch updates.
18. Password Security
□ Keep your password confidential at all times.
□ Complexity: Minimum 8 characters long, with a combination of upper and lower case, numbers and special characters.
□ Change: Once every 45 days – enforced by the system
□ Change your password immediately if you suspect your password has been compromised.
19. E-mail Security
□ Email account should be used for business purposes only.
□ Don't open attachments from untrusted senders.
□ Create a strong email password.
□ Do not save your email account passwords in web browsers.
□ Do not forward chain/spam/junk e-mail.
□ Add a disclaimer notice to e-mails sent through company e-mail.
□ Do not create or distribute any e-mail message containing offensive material to any person or organization using company e-mail.
20. Removable media security
□ Authorization for usage of removable media is granted on “need-to” basis with prior approval.
□ It should be used for business purposes only.
□ Regularly scan the removable media for viruses.
□ Media containing sensitive information must be completely formatted/deleted/demagnetized/scrapped if no longer in use.
21. Information Security Incident
All security events & weaknesses must be reported to the Information Security Team, incident response manager or directly to the CISO.
Some common incidents that one should report are:
□ Password changes (you can’t log in) or requests to share your password
□ Workstation infection from a virus, worm, Trojan, adware, or spyware
□ Sudden workstation slowdowns
□ File additions, changes, or deletions
□ Access control door not functioning properly
23. Security Awareness on Social Media - LinkedIn, Facebook, Twitter, etc.
Social media is one of the fastest growing areas of online activity, and one of the fastest growing areas for malicious cyber activity. Even if your organization blocks access to social media sites, there are a tremendous number of risks you have to make yourself aware of. Here are some of the key points we recommend concerning social media sites.
Privacy & Social Media:
• Privacy does not exist on social media sites.
• Yes, there are privacy options and controls, but too much can go wrong and your sensitive information can end up being exposed.
• Things can go wrong such as your account being hacked, your friends' accounts being hacked, privacy controls changing, getting the privacy controls wrong, or people who you thought were your friends no longer being your friends.
• Long story short, if you don't want mom or your boss reading it, don't post it.
• This means being careful and watching what your friends post about you, including pictures. If nothing else, remember that employers now include sites like Facebook and Twitter as part of any standard background check.
24. Security Awareness on Social Media - LinkedIn, Facebook, Twitter, etc.
Scams & Social Media: Social media websites are a breeding ground for scams. If one of your friend's posts seems odd or suspicious, it may be an attack. For example, your friend posts that they have been mugged while on vacation in London and need you to wire them money. Or perhaps they are posting links about great ways to get rich, or some shocking incident you must see. Many of these scams or malicious links are the very same attacks you have been receiving in e-mail for years, but now bad guys are replicating them in social media. If you see a friend posting very odd things, call or text them to verify that they really posted the information.
Work & Social Media: Do not post anything sensitive about work. Be sure you understand your organization's policies about what you can and cannot post about your job.
Social media is a powerful way to communicate and stay in touch with people around the world. We do not want to scare people away from it. Instead we simply want to make people aware of the risks so that they can leverage technology more effectively.
25. Security Awareness on Social Media - LinkedIn, Facebook, Twitter, etc.
• The rules you must follow to avoid risks through social media.
– When engaging online, do not post any confidential, internal-use only or copyrighted information.
– Do not post anything that is offensive, harassing, or in violation of any applicable law.
26. Phishing
• Phishing scams employ fraudulent e-mail messages or Web sites that try to fool you into divulging personal information.
• Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations.
• To help protect yourself against phishing, use phishing filters, which help in identifying and removing phishing attacks.
Examples of phishing email messages & links