Executive Information Security Training
Awareness Training for Executives
Information Security
(module 4) 2
Introduction
Welcome
Angela Samuels
Trainer
Real World Stats
IT professionals in countries other than the U.S. were slightly more cautious in their own vulnerability assessments. 13% in Europe, 16% in China, and 24% in India say their organizations are more vulnerable to security dangers than a year ago.
Objectives
• How to assess the current level of security within the corporation.
• What to expect of the future of Information Security.
Security Assessment
Three areas in the company to focus on:
People, processes, and technology
Security Assessment
• Create a security evaluation framework by
• Internal information security department or
• Third party vendor
Security Assessment
Internal department assessment can use “The executive guide to Information Security” as a guide.
Security Assessment
Third Party Vendors
Brought in as support and guide.
Require they have industry standards rather than their own.
The company can do their own follow-up assessment in the future.
Security Assessment
The timeframe is usually 90 days for a full assessment, depending on the size of the company.
After assessment, improvements can be planned and enacted.
The Future of Information Security
More and more threats
More complex web applications = more complex threats
The Future of Information Security
The threats have global impact. The threats will spread faster. Hackers' intentions will be motivated by organized crime organizations.
Review of Objectives
• How to assess the current level of security within the corporation.
• What to expect of the future of Information Security.
Real World Scenario
A hospital’s Web site was compromised because a Web developer made a programming error. Sensitive patient records were taken. When the criminals proved they had the data, the hospital had to choose between paying extortion or allowing their patients’ health records to be spread all over the Internet.
What do you do?
Real World Scenario Review Questions
1. Would an assessment have prevented a situation like this?
2. Is your company prepared to handle a situation like this?
Tips to Take Back to the Office
Work on the assessment right away if you have not done so already.
Always be on the lookout for the latest and greatest hacker schemes.
Materials
• Executive security awareness brochure
• Website for executive security related articles
Questions