2. Agenda
Need for Awareness
Regulatory requirements
Goals and Focus
Types of Security Trainings
Phases of Security Training
Means of Delivering Security Training
10/20/2011 By: Meenal Mukadam 2
3. Why do we need Information Security?
4. Measures to Safeguard Information
Information is Classified
Security Departments are set up
Policies are made
Procedures & Guidelines are laid down
Incident Handling Teams are formed
And many more Measures and Controls are put in place….
5. Story of Information Security
But still, when it comes to Information Security….
Security is often compromised for ease of use!
“Becomes the story of Everybody, Somebody, Anybody & Nobody….”
6. Why are Management Directives not successful?
Security Directives are considered the concern of the Management & Security team
The typical Employee is considered to be a busy person
It is taken for granted that Employees know how to protect their own and the organization's data
Security Roles and Responsibilities are not delegated properly
8. Regulatory Requirements
| Regulation/ Framework | Industry/ Country | Awareness/ training Requirement |
| HIPAA | Healthcare (US) | Security Final Rule 164.308 (a)(5)(i) (R) Implement a security awareness and training program for all members of its workforce (including management). |
| ISO/IEC 17799:2005 (Section 8.2.2) | Security Framework (International) | All employees of the organization and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. |
| SOX Act (Section 404) | All publicly traded companies (US) | DS 7.2 Delivery of Training and Education […] Appoint trainers and organise training sessions on a timely basis. Registration, attendance and performance evaluations should be recorded. |
9. What is Security Awareness?
Recognizing what types of security issues and incidents may arise
And knowing which actions to take in the event of a security breach
10. Goals & Focus….
To protect the CIA aspects of your Assets
Take into account the aspects of security safeguards that can have practical limitations
Develop an awareness program that is absolutely focused & understandable by all
Delegate clear & non-conflicting roles and responsibilities